CN105554008B - User terminal, certificate server, intermediate server, system and transfer approach - Google Patents

Publication number: CN105554008B
Authority: CN (China)
Prior art keywords: key, user terminal, key pair, information, user
Legal status: Active (listed as an assumption, not a legal conclusion)
Application number: CN201511001471.5A
Other languages: Chinese (zh)
Other versions: CN105554008A (en)
Inventors: 李俊, 崔忠勇
Current Assignee: Lenovo Beijing Ltd (the listed assignee may be inaccurate)
Original Assignee: Lenovo Beijing Ltd
Priority: CN201511001471.5A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides a user terminal, a certificate server, an intermediate server, a system and a key transfer method that can further improve security during user authentication. The transfer method includes: generating, by the intermediate server, a second key pair corresponding to a first application; sending the first key of the second key pair to the user terminal, and sending the second key of the second key pair to the certificate server; generating, by the user terminal, a first key pair associated with user information; encrypting the second key of the first key pair with the first key of the second key pair corresponding to the first application to obtain first encryption information, and sending the first encryption information to the certificate server; and, in the certificate server, receiving the first encryption information from the user terminal and decrypting it with the second key of the second key pair corresponding to the first application, thereby obtaining the second key of the first key pair associated with the user information.

Description

User terminal, certificate server, intermediate server, system and transfer approach
Technical field
The present invention relates to a user terminal, a certificate server, an intermediate server, a system including the user terminal, the certificate server and the intermediate server, and a key transfer method applied to the user terminal, the certificate server, the intermediate server and the system.
Background art
After a user public key and a user private key are generated in the user terminal, the user public key is sent to the certificate server. During user authentication, the user terminal signs the authentication request with the user private key and sends it to the certificate server, and the certificate server verifies the signature with the key corresponding to the user private key, thereby performing user authentication.
However, with the above key transfer method there is a risk of a malicious user exploiting the user public key for impersonation, so security is reduced.
Summary of the invention
The present invention has been made in view of the above problem. Its object is to provide a user terminal, a certificate server, an intermediate server, a system including the user terminal, the certificate server and the intermediate server, and a key transfer method applied to the user terminal, the certificate server, the intermediate server and the system, which can further improve security during user authentication.
According to a first aspect of the present invention, a key transfer method applied to a user terminal is provided. The transfer method includes: generating a first key pair associated with user information; storing the first key of the first key pair associated with the user information; encrypting the second key of the first key pair with the first key of a second key pair corresponding to a first application to obtain first encryption information; and sending the first encryption information to a certificate server. The first key of the first key pair is used to sign an authentication request sent by the user terminal, and the second key of the first key pair is used in the certificate server to verify the received signed authentication request. The second key pair is a key pair generated by an intermediate server and corresponding to the first application in the user terminal, and the first key of the second key pair is sent to the user terminal by the intermediate server.
According to a second aspect of the present invention, a key transfer method applied to a certificate server is provided. The transfer method includes: receiving first encryption information from a user terminal; and decrypting the first encryption information with the second key of a second key pair corresponding to a first application, thereby obtaining the second key of a first key pair associated with user information. The second key of the first key pair is used in the certificate server to verify the received signed authentication request. The second key pair is a key pair generated by an intermediate server and corresponding to the first application in the user terminal, and the second key of the second key pair is sent to the certificate server by the intermediate server.
According to a third aspect of the present invention, a key transfer method applied to an intermediate server is provided. The transfer method includes: generating a second key pair corresponding to a first application; sending the first key of the second key pair to a user terminal; and sending the second key of the second key pair to a certificate server. The first key of the second key pair is used in the user terminal to encrypt the second key of the first key pair that is to be sent, and the second key of the second key pair is used in the certificate server to decrypt the received first encryption information. The first key of the first key pair is used to sign an authentication request sent by the user terminal, and the second key of the first key pair is used in the certificate server to verify the received signed authentication request.
According to a fourth aspect of the present invention, a key transfer method is provided. The transfer method includes: generating, by an intermediate server, a second key pair corresponding to a first application; sending the first key of the second key pair to a user terminal, and sending the second key of the second key pair to a certificate server; generating, by the user terminal, a first key pair associated with user information; encrypting the second key of the first key pair with the first key of the second key pair corresponding to the first application to obtain first encryption information, and sending the first encryption information to the certificate server; and, in the certificate server, receiving the first encryption information from the user terminal and decrypting it with the second key of the second key pair corresponding to the first application, thereby obtaining the second key of the first key pair associated with the user information. The first key of the first key pair is used to sign an authentication request sent by the user terminal, and the second key of the first key pair is used in the certificate server to verify the received signed authentication request.
According to a fifth aspect of the present invention, a user terminal is provided. The user terminal includes: a communication unit configured to send and receive information; a storage unit configured to store keys; and a processing unit configured to generate a first key pair associated with user information, to store the first key of the first key pair associated with the user information in the storage unit, to encrypt the second key of the first key pair with the first key of a second key pair corresponding to a first application to obtain first encryption information, and to control the communication unit to send the first encryption information to a certificate server. The first key of the first key pair is used to sign an authentication request sent by the user terminal, and the second key of the first key pair is used in the certificate server to verify the received signed authentication request. The second key pair is a key pair generated by an intermediate server and corresponding to the first application in the user terminal, and the processing unit stores the first key of the second key pair received by the communication unit in the storage unit.
According to a sixth aspect of the present invention, a certificate server is provided. The certificate server includes: a communication unit configured to send and receive information; a storage unit configured to store keys; and a processing unit configured to decrypt, with the second key of a second key pair corresponding to a first application, first encryption information received by the communication unit from a user terminal, thereby obtaining the second key of a first key pair associated with user information, and to store the second key of the first key pair in the storage unit. The second key of the first key pair is used in the certificate server to verify the received signed authentication request. The second key pair is a key pair generated by an intermediate server and corresponding to the first application in the user terminal, and the processing unit stores the second key of the second key pair, received by the communication unit from the intermediate server, in the storage unit.
According to a seventh aspect of the present invention, an intermediate server is provided. The intermediate server includes: a processing unit configured to generate a second key pair corresponding to a first application; and a communication unit configured to send the first key of the second key pair to a user terminal and to send the second key of the second key pair to a certificate server. The first key of the second key pair is used in the user terminal to encrypt the second key of the first key pair that is to be sent, and the second key of the second key pair is used in the certificate server to decrypt the received first encryption information. The first key of the first key pair is used to sign an authentication request sent by the user terminal, and the second key of the first key pair is used in the certificate server to verify the received signed authentication request.
According to an eighth aspect of the present invention, a system including an intermediate server, a user terminal and a certificate server is provided. The intermediate server includes: a first processing unit configured to generate a second key pair corresponding to a first application; and a first communication unit configured to send the first key of the second key pair to the user terminal and to send the second key of the second key pair to the certificate server. The user terminal includes: a second communication unit configured to send and receive information; and a second processing unit configured to generate a first key pair associated with user information, to encrypt the second key of the first key pair with the first key of the second key pair corresponding to the first application to obtain first encryption information, and to control the second communication unit to send the first encryption information to the certificate server. The certificate server includes: a third communication unit configured to send and receive information; and a third processing unit configured to decrypt, with the second key of the second key pair corresponding to the first application, the first encryption information received by the third communication unit, thereby obtaining the second key of the first key pair associated with the user information. The first key of the first key pair is used to sign an authentication request sent by the user terminal, and the second key of the first key pair is used in the certificate server to verify the received signed authentication request.
With the user terminal, the certificate server, the intermediate server, the system including the user terminal, the certificate server and the intermediate server, and the key transfer method applied to them according to the present invention, the second key pair generated by the intermediate server is used when the second key of the first key pair generated by the user terminal is transferred, so that security during user authentication can be further improved.
Brief description of the drawings
Fig. 1 is a schematic diagram showing the system of an embodiment of the present invention.
Fig. 2 is a flowchart showing the key transfer method of an embodiment of the present invention.
Fig. 3 is a functional block diagram showing the user terminal of an embodiment of the present invention.
Fig. 4 is a functional block diagram showing the intermediate server of an embodiment of the present invention.
Fig. 5 is a functional block diagram showing the certificate server of an embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described below with reference to the drawings. The following description with reference to the drawings is provided to assist in understanding the example embodiments of the invention as defined by the appended claims and their equivalents. It includes various specific details to assist in that understanding, but these are to be regarded as merely exemplary. Accordingly, those skilled in the art will recognize that various changes and modifications can be made to the embodiments described herein without departing from the scope and spirit of the present invention. In addition, detailed descriptions of well-known functions and constructions are omitted to keep the specification clear and concise.
The system of an embodiment of the present invention is described with reference to Fig. 1. The system includes a user terminal 1, an intermediate server 2 and a certificate server 3. Fig. 1 shows only one user terminal 1, but the system of an embodiment of the present invention may include multiple user terminals 1.
Information can be sent and received between user terminal 1 and intermediate server 2, between intermediate server 2 and certificate server 3, and between user terminal 1 and certificate server 3.
Specifically, user terminal 1 is, for example, an electronic device such as a mobile phone, a tablet computer or a PC, and can send an authentication request to certificate server 3 in order to be authenticated. In addition, user terminal 1 generates a first key pair for user authentication, stores the first key of the first key pair, and sends the second key of the first key pair to certificate server 3. Certificate server 3 receives and stores the second key of the first key pair for user authentication, and uses that second key to perform user authentication on authentication requests from user terminal 1. Here, the first key pair is, for example, a user authentication key; the first key of the first key pair is the user authentication private key, and the second key of the second key pair is the user authentication public key. However, in embodiments of the present invention the first key pair is not limited to a user authentication key and may be any key pair associated with user information; nor is the first key pair limited to an asymmetric key, and it may also be configured as a symmetric key.
Specifically, intermediate server 2 generates a second key pair, sends the first key of the second key pair to user terminal 1, and sends the second key of the second key pair to certificate server 3. The second key pair is, for example, an application verification key, configured as a symmetric key in which the first key and the second key of the second key pair are identical. However, in embodiments of the present invention the second key pair is not limited to an application verification key and may be any key pair corresponding to an application that can be executed in user terminal 1 (for example, the first application); nor is the second key pair limited to a symmetric key. As described later, in user terminal 1 the first key of the second key pair generated by the intermediate server is used to encrypt the second key of the first key pair that is sent to the certificate server, which improves security during key transfer. In certificate server 3, the second key of the second key pair can be used to decrypt the encrypted second key of the first key pair, thereby obtaining the second key of the first key pair.
Furthermore, intermediate server 2 can also generate a third key pair and send the first key of the third key pair to user terminal 1. The third key pair is, for example, a device authentication key; the first key of the third key pair is the device authentication private key, and the second key of the third key pair is the device authentication public key. However, in embodiments of the present invention the third key pair is not limited to a device authentication key and may be any key pair associated with user terminal 1; nor is the third key pair limited to an asymmetric key, and it may also be configured as a symmetric key. In intermediate server 2, the second key of the third key pair is used to encrypt the first key of the second key pair that is sent to user terminal 1. In user terminal 1, the first key of the third key pair is used to decrypt the encrypted first key of the second key pair, thereby obtaining the first key of the second key pair.
Intermediate server 2 is configured, for example, as a server managed by the manufacturer of user equipment 1 or as an independently operated server managed by a third party, so its reliability is high relative to user terminal 1 or certificate server 3.
Specifically, certificate server 3 receives and stores the second key of the first key pair sent from user terminal 1, and uses that second key to verify the signature of authentication requests from user terminal 1, thereby authenticating user terminal 1. Certificate server 3 stores the user information of each user, and each piece of user information is associated with the second key of a first key pair. In addition, certificate server 3 can receive and store the second key of the second key pair sent from intermediate server 2, and use it to decrypt the encrypted second key of the first key pair from user terminal 1, thereby obtaining the second key of the first key pair.
In addition, certificate server 3 can generate a challenge value in response to a request from user terminal 1 and send it to user terminal 1. Furthermore, certificate server 3 stores the second key of the first key pair from user terminal 1 in association with the user information, in order to verify the signature of authentication requests from user terminal 1.
Next, the key transfer method of an embodiment of the present invention is described with reference to Fig. 2. Fig. 2 is a flowchart showing the key transfer method of an embodiment of the present invention. The transfer method of the embodiments is not limited to the key transfer method shown in Fig. 2; some steps can be omitted or adjusted as needed.
The following description with reference to Fig. 2 takes as an example the case where a first key pair associated with the user information of user A is generated in a given user terminal 1. When user authentication is performed, the first key pair is sent in user terminal 1 by executing the first application. The user information of user A may be user information registered in advance in certificate server 3, or user information not registered in advance in certificate server 3.
In Fig. 2, the description takes as an example the case where the first key pair is a user authentication key including a user authentication public key and a user authentication private key, the second key pair is an application verification key that is a symmetric key, and the third key pair is a device authentication key including a device authentication public key and a device authentication private key. As noted above, however, the first key pair, the second key pair and the third key pair are not limited to the example shown in Fig. 2.
In step S21, intermediate server 2 generates a device authentication key. The device authentication key includes a device authentication private key and a device authentication public key. The device authentication key generated by intermediate server 2 corresponds to each user terminal 1.
In step S22, intermediate server 2 stores the device authentication public key generated in step S21. In step S22, intermediate server 2 can also send the device authentication public key to certificate server 3. In that case, certificate server 3 receives and stores the device authentication public key sent from the intermediate server.
In step S23, intermediate server 2 sends the device authentication private key to user terminal 1.
In step S11, user terminal 1 receives and stores the device authentication private key sent from intermediate server 2. As described later, the device authentication key is used to decrypt encryption information from intermediate server 2.
In embodiments of the present invention, through the above steps the device authentication public key and the device authentication private key are stored in intermediate server 2 and user terminal 1 respectively. However, other processing may also be performed so that the device authentication public key and the device authentication private key are stored in intermediate server 2 and user terminal 1 respectively. For example, user terminal 1 may generate the device authentication key and send the device authentication public key to intermediate server 2.
As described above, intermediate server 2 is configured, for example, as a server managed by the manufacturer of user equipment 1 or as an independently operated server managed by a third party. Having the highly reliable intermediate server 2 generate the device authentication key improves the security of the system shown in Fig. 1.
Returning to Fig. 2, in step S12 user terminal 1 sends a generation request for an application verification key to intermediate server 2. Specifically, the generation request sent by user terminal 1 contains the identification information of the first application.
In step S24, after receiving the generation request from user terminal 1, intermediate server 2 generates, in response to the request, an application verification key corresponding to the first application in user terminal 1. If the generation request from user terminal 1 contains the identification information of a second application, an application verification key corresponding to the second application is generated in step S24. The application verification key generated by intermediate server 2 may correspond uniquely to each application in user terminal 1, or identical application verification keys may be generated. In the example shown in Fig. 2, the second key pair is an application verification key whose first key and second key are identical (a symmetric key pair).
In step S25, intermediate server 2 sends the application verification key generated in step S24 to certificate server 3.
In step S31, certificate server 3 receives and stores the application verification key sent by intermediate server 2. As described later, in certificate server 3 the application verification key is used to decrypt the user authentication public key sent from user terminal 1.
In step S26, intermediate server 2 encrypts the application verification key with the device authentication public key, thereby obtaining encryption information (second encryption information). The device authentication public key is, for example, the one generated by intermediate server 2 in step S21. Then, in step S27, the encryption information generated in step S26 is sent to user terminal 1.
In the example shown in Fig. 2 the application verification key is encrypted with the device authentication public key, but the application verification key generated in step S24 may also be left unencrypted and sent directly to user terminal 1 in step S27. Encrypting the application verification key with the device authentication public key, of course, improves security when the application verification key is transferred between intermediate server 2 and user terminal 1.
In step S13, the user terminal receives the encryption information sent from the intermediate server. If intermediate server 2 directly sends the unencrypted application verification key, user terminal 1 receives the application verification key sent from intermediate server 2.
In step S14, user terminal 1 uses the device authentication private key to decrypt the encryption information sent from intermediate server 2 (generated in step S26), thereby obtaining the application verification key. The device authentication private key used to decrypt the encryption information is, for example, the one stored in step S11. If intermediate server 2 directly sends the unencrypted application verification key, step S15 is executed directly without the decryption processing of step S14.
Furthermore, in step S15 user terminal 1 stores the application verification key obtained in step S14. If intermediate server 2 directly sends the unencrypted application verification key, user terminal 1 stores the application verification key received in step S13. As described later, in user terminal 1 the application verification key is used to encrypt the user authentication public key sent to certificate server 3.
The application verification key stored in user terminal 1 and in certificate server 3 is used to encrypt and decrypt the user authentication key transferred from user terminal 1 to certificate server 3, which improves the security of the user authentication key transferred between user terminal 1 and certificate server 3.
As described above, intermediate server 2 is configured, for example, as a server managed by the manufacturer of user equipment 1 or as an independently operated server managed by a third party. Having the highly reliable intermediate server 2 generate the application verification key further improves the security of the system shown in Fig. 1.
Back to Fig. 2, in step s 16, subscriber authentication key associated with user information is generated by user terminal 1. Wherein, subscriber authentication key includes subscriber authentication key private key and subscriber authentication key public key.Herein, with subscriber authentication key Associated user information can be the user information registered in certificate server in advance, be also possible to do not authenticating in advance The user information registered in server 3.Wherein, the subscriber authentication key generated in step s 16 is opposite with each user information It answers.
In step S17, the subscriber authentication key private key generated in step s 16 is stored by user terminal 1.Such as rear institute It states, which is used to sign to the certification request for being sent to certificate server 3.
In step S18, corresponding application verification key is applied using with first by user terminal 1, it is close to user authentication Key public key is encrypted, to obtain encryption information (the first encryption information).Wherein, application verification key is in step S15 The application verification key of storage.
In step S19, the user terminal 1 sends the encryption information generated in step S18 to the certificate server 3. During transmission, the encryption information may also be forwarded from the user terminal 1 via the intermediate server 2 to the certificate server 3.
Returning to Fig. 2, in step S32, the certificate server 3 receives the first encryption information from the user terminal 1.
Then, in step S33, the certificate server 3 decrypts the first encryption information using the application verification key corresponding to the first application, to obtain the subscriber authentication key public key associated with the user information. This application verification key is the one generated by the intermediate server 2 and received and stored in step S31.
Next, in step S34, the subscriber authentication key public key obtained in step S33 is stored in association with the user information. Specifically, where the obtained public key corresponds to first user information, the first user information is stored in association with the public key. Likewise, where the obtained public key corresponds to second user information, the second user information is stored in association with the public key. The user information associated with the subscriber authentication key public key may be notified by the user terminal 1 to the certificate server, for example by sending it together with the subscriber authentication key public key, or by sending information indicating the association between the subscriber authentication key and the first user information. The certificate server 3 thus knows which user information the public key obtained in step S33 is associated with. During user authentication, the certificate server 3 can use the subscriber authentication key public key to verify the signature on the certification request signed by the user terminal 1, thereby realizing user authentication.
As described above, when the user terminal 1 transmits to the certificate server 3 the user's authentication public key used for signature verification during user authentication, the public key is encrypted and decrypted using the application verification key that is generated by the intermediate server 2 and sent to the user terminal 1 and the certificate server 3, which improves the security of transmitting the subscriber authentication key public key.
As described above, the user information associated with the subscriber authentication key may be user information registered in the certificate server in advance, or user information not registered in the certificate server 3 in advance, that is, user information that has not yet been registered. In the latter case, in embodiments of the present invention, the processing of registering the user information associated with the subscriber authentication key can be carried out at the same time as the processing of sending the subscriber authentication key, which improves efficiency. For ease of description, user information not registered in the certificate server 3 in advance is referred to as user registration information.
Specifically, the user terminal 1 sends the user registration information and the first encryption information generated in step S18 to the certificate server 3. Preferably, the user terminal 1 may also encrypt the user registration information using the application verification key, and then send the encrypted user registration information and the first encryption information generated in step S18 to the certificate server 3. In this case, the application verification key used to encrypt the subscriber authentication key public key uniquely corresponds to the first application in the user terminal 1.
Correspondingly, the certificate server 3 receives the user registration information and the first encryption information from the user terminal 1. Then, as shown in step S33, the certificate server 3 decrypts the received first encryption information using the application verification key uniquely corresponding to the first application in the user terminal 1, to obtain the subscriber authentication key public key. The certificate server 3 then stores the obtained public key in association with the received user registration information. This completes registration of the received user registration information, and the subscriber authentication key public key is stored in association with it.
In addition, where the user terminal 1 encrypts the user registration information using the application verification key and sends the encrypted user registration information, the certificate server 3 receives the encrypted user registration information from the user terminal 1 together with the first encryption information. The certificate server 3 then decrypts the encrypted user registration information using the application verification key to obtain the user registration information, and stores the obtained user registration information in association with the subscriber authentication key public key.
As described above, the user registration information sent from the user terminal 1 to the certificate server 3 is encrypted and decrypted using the application verification key uniquely corresponding to the first application, which improves the security of transmitting the user registration information.
Through the processing shown in Fig. 2, the subscriber authentication key private key is stored in the user terminal 1 and the subscriber authentication key public key is stored in the certificate server 3. As mentioned above, the private key and the public key are used respectively to sign the certification request sent by the user terminal 1 and to verify that signature. The following explains this with reference to a specific user authentication process.
When user authentication is performed, the user terminal 1 generates a certification request and signs it with the subscriber authentication key private key. The certification request may include, for example, user information. The user terminal 1 then sends the signed certification request to the certificate server 3.
After receiving the signed certification request, the certificate server 3 verifies the signature using the subscriber authentication key public key stored in the certificate server 3. If the certificate server 3 has no stored subscriber authentication key public key with which the signature verifies successfully, user authentication is determined to have failed. If signature verification succeeds, user authentication can be determined to be successful. In addition, when signature verification succeeds, the certificate server 3 may further judge whether the user information included in the certification request sent from the user terminal 1 is consistent with the user information stored in association with the public key that verified the signature, and determine user authentication to be successful only if they are consistent.
In addition, in embodiments of the present invention, before generating the certification request, the user terminal 1 sends a request to the certificate server 3 to obtain a challenge value. That is, the certificate server sends a challenge value to the user terminal 1 in response to the request. The certification request generated by the user terminal 1 may then include the challenge value obtained from the certificate server.
Correspondingly, when signature verification succeeds, the certificate server 3 may further judge whether the challenge value included in the certification request sent from the user terminal 1 is consistent with the challenge value sent to the user terminal 1, and determine user authentication to be successful only if they are consistent.
In addition, in embodiments of the present invention, the certification request sent by the user terminal 1 to the certificate server may also include information such as a fingerprint ID or a password. Correspondingly, the certificate server 3 determines user authentication to be successful when the fingerprint ID, password or other such information included in the certification request satisfies a prescribed condition.
As described above, according to the key transfer approach of embodiments of the present invention, applied to the user terminal, the certificate server, the intermediate server and the system, the second key pair generated by the intermediate server 2 is used when transmitting the second key of the first key pair generated by the user terminal 1, which further improves security during user authentication.
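The registration steps (S16 to S19 and S32 to S34) and the challenge-based authentication check described above, as an added example that is not code from the patent. This section names no algorithms, so AES-256-GCM for the application verification key and Ed25519 for the subscriber (user) authentication key pair are assumptions, as are all function, class and field names, the binding of the user information as associated data, and the single-use handling of challenge values; the sample users are constructed.

```javascript
// Added example, not code from the patent. Assumed algorithms: AES-256-GCM for
// the application verification key, Ed25519 for the user authentication key pair.
// All function, class and field names are hypothetical.
const nodeCrypto = require('node:crypto');

// Symmetric encryption under the application verification key. The user info is
// bound as associated data (an assumption) so that an encrypted public key
// cannot be re-filed under another user while in transit.
function seal(appKey, plaintext, userInfo) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', appKey, iv);
  c.setAAD(Buffer.from(userInfo));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(appKey, box, userInfo) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', appKey, box.iv);
  d.setAAD(Buffer.from(userInfo));
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws if modified
}

class UserTerminal {
  constructor(appKey) {
    this.appKey = appKey;          // S15: stored application verification key
    this.privateKeys = new Map();  // S17: one private key per user info
  }
  // S16-S19: generate the key pair, keep the private key, encrypt the public key.
  register(userInfo) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
    this.privateKeys.set(userInfo, privateKey);
    const der = publicKey.export({ type: 'spki', format: 'der' });
    return { userInfo, firstEncryptionInfo: seal(this.appKey, der, userInfo) };
  }
  // Sign a certification request. signAs lets the demo sign with another
  // user's private key to exercise the user-info consistency check.
  buildRequest(userInfo, challenge, signAs = userInfo) {
    const body = Buffer.from(JSON.stringify({ userInfo, challenge }));
    const signature = nodeCrypto.sign(null, body, this.privateKeys.get(signAs));
    return { body, signature };
  }
}

class CertificateServer {
  constructor(appKey) {
    this.appKey = appKey;          // S31: key received from the intermediate server
    this.publicKeys = new Map();   // S34: user info -> public key
    this.challenges = new Set();   // challenge values issued and not yet used
  }
  // S32-S34: decrypt the first encryption information and store the public key.
  storeRegistration({ userInfo, firstEncryptionInfo }) {
    const der = open(this.appKey, firstEncryptionInfo, userInfo);
    this.publicKeys.set(userInfo,
      nodeCrypto.createPublicKey({ key: der, format: 'der', type: 'spki' }));
  }
  issueChallenge() {
    const challenge = nodeCrypto.randomBytes(16).toString('hex');
    this.challenges.add(challenge);
    return challenge;
  }
  authenticate({ body, signature }) {
    // 1. Fail if no stored public key verifies the signature.
    const hit = [...this.publicKeys].find(([, pub]) =>
      nodeCrypto.verify(null, body, pub, signature));
    if (!hit) return 'no-key';
    // 2. The user info in the request must match the one stored with that key.
    const claimed = JSON.parse(body.toString());
    if (claimed.userInfo !== hit[0]) return 'user-mismatch';
    // 3. The challenge must be one this server sent; delete() makes it single-use.
    return this.challenges.delete(claimed.challenge) ? 'success' : 'challenge-mismatch';
  }
}

function demo() {
  const appKey = nodeCrypto.randomBytes(32); // generated by intermediate server 2
  const terminal = new UserTerminal(appKey);
  const server = new CertificateServer(appKey);
  server.storeRegistration(terminal.register('alice'));
  server.storeRegistration(terminal.register('bob'));

  const request = terminal.buildRequest('alice', server.issueChallenge());
  const ok = server.authenticate(request);
  const replay = server.authenticate(request); // same challenge a second time
  const wrongUser = server.authenticate(
    terminal.buildRequest('bob', server.issueChallenge(), 'alice'));

  const other = new UserTerminal(appKey);
  other.register('dave'); // public key never delivered to the server
  const unknownKey = server.authenticate(
    other.buildRequest('dave', server.issueChallenge()));

  const modified = terminal.register('carol');
  modified.firstEncryptionInfo.ct[0] ^= 1; // constructed in-transit modification
  let tampered = 'accepted';
  try { server.storeRegistration(modified); } catch { tampered = 'rejected'; }

  return { ok, replay, wrongUser, unknownKey, tampered };
}

console.log(demo());
```

With an authenticated cipher, a registration message altered in transit is rejected at decryption instead of yielding a different public key.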
Next, the user terminal of embodiments of the present invention is described with reference to Fig. 3. Fig. 3 is a functional block diagram of the user terminal of an embodiment of the present invention.
As shown in Fig. 3, the user terminal 1 includes a communication unit 11, a storage unit 12 and a processing unit 13. The user terminal 1 is, for example, an electronic device such as a mobile phone, tablet computer or PC, and can send a certification request to the certificate server 3 in order to be authenticated.
The communication unit 11 is configured to send and receive information. Specifically, the communication unit 11 can communicate with the intermediate server 2 and the certificate server 3 to exchange information with them.
For example, the communication unit 11 sends the first encryption information generated in step S18 of Fig. 2 to the certificate server 3. The communication unit 11 also receives the first key of the second key pair from the intermediate server 2.
In addition, optionally in embodiments of the present invention, the communication unit 11 receives the first key of the third key pair from the intermediate server 2. Further optionally, the communication unit 11 receives from the intermediate server 2 second encryption information obtained by encrypting the first key of the second key pair with the second key of the third key pair.
The storage unit 12 is configured to store keys. Specifically, the storage unit 12 stores the first key of the first key pair generated in step S16 of Fig. 2. The storage unit 12 also stores the first key of the second key pair received from the intermediate server 2 via the communication unit 11, which is used in step S18 to encrypt the second key of the first key pair.
In addition, optionally in embodiments of the present invention, the storage unit 12 also stores the first key of the third key pair received from the intermediate server 2. Thus, when the communication unit 11 receives from the intermediate server 2 the second encryption information obtained by encrypting the first key of the second key pair with the second key of the third key pair, it can be decrypted using the first key of the third key pair.
The processing unit 13 is configured to perform encryption and decryption processing and can control the communication unit 11 and the storage unit 12. Specifically, the processing unit 13 generates the first key pair associated with user information and controls the storage unit 12 to store the first key of the first key pair. The processing unit 13 also encrypts the second key of the first key pair it generated, using the first key of the second key pair stored in the storage unit 12, to obtain the first encryption information. The processing unit 13 then controls the communication unit 11 to send the first encryption information to the certificate server 3.
In addition, optionally in embodiments of the present invention, the processing unit 13 stores the first key of the third key pair received via the communication unit 11 in the storage unit 12. Further optionally, when the communication unit 11 receives from the intermediate server 2 the second encryption information obtained by encrypting the first key of the second key pair with the second key of the third key pair, the processing unit 13 decrypts the second encryption information using the first key of the third key pair stored in the storage unit 12, to obtain the first key of the second key pair.
As described above, the first key pair is, for example, the subscriber authentication key; the first key of the first key pair is the subscriber authentication key private key, and the second key of the first key pair is the subscriber authentication key public key. However, in embodiments of the present invention, the first key pair is not limited to the subscriber authentication key, as long as it is a key pair associated with user information, and the first key pair is not limited to an asymmetric key and may also be configured as a symmetric key.
In addition, as described above, the first key and the second key of the first key pair are used respectively to sign the certification request sent by the user terminal 1 to the certificate server 3 and to verify that signature.
Specifically, the processing unit 13 generates a certification request and signs it with the subscriber authentication key private key. The certification request may include, for example, user information. The processing unit 13 then controls the communication unit 11 to send the signed certification request to the certificate server 3.
In addition, preferably in embodiments of the present invention, before generating the certification request, the processing unit 13 controls the communication unit 11 to send a request to the certificate server 3 to obtain a challenge value. That is, the certificate server 3 sends a challenge value to the user terminal 1 in response to the request. When generating the certification request, the processing unit 13 can then include in it the challenge value obtained from the certificate server. The processing unit 13 can also include information such as a fingerprint ID or a password in the certification request.
Next, the intermediate server of embodiments of the present invention is described with reference to Fig. 4. Fig. 4 is a functional block diagram of the intermediate server of an embodiment of the present invention. The intermediate server is configured, for example, as a server managed by the manufacturer of the user equipment 1 or as an independently operated server managed by a third party, and its reliability is therefore high relative to the user terminal 1 or the certificate server 3.
As shown in figure 4, intermediate server 2 includes processing unit 21 and communication unit 22.
The processing unit 21 is configured to generate the second key pair corresponding to the first application. The second key pair is, for example, the application verification key, and is configured as a symmetric key in which the first key and the second key of the second key pair are identical. However, in embodiments of the present invention, the second key pair is not limited to the application verification key, as long as it is a key pair corresponding to an application executable in the user terminal 1 (for example, the first application), and the second key pair is not limited to a symmetric key. As described later, the user terminal 1 uses the first key of the second key pair generated by the intermediate server to encrypt the second key of the first key pair that is sent to the certificate server, which improves security during key transmission. The certificate server 3 can use the second key of the second key pair to decrypt the encrypted second key of the first key pair and thereby obtain the second key of the first key pair.
In addition, the processing unit 21 can generate the second key pair corresponding to the first application in response to a generation request from the user terminal 1, and can also generate the second key pair when a prescribed condition is satisfied. The second key pair may uniquely correspond to each application in the user terminal 1, or an identical application verification key may be generated.
Furthermore, optionally in embodiments of the present invention, the processing unit 21 can also generate a third key pair. The third key pair is, for example, a device authentication key; the first key of the third key pair is the device authentication key private key, and the second key of the third key pair is the device authentication key public key. However, in embodiments of the present invention, the third key pair is not limited to the device authentication key, as long as it is a key pair associated with the user terminal 1, and the third key pair is not limited to an asymmetric key and may also be configured as a symmetric key.
In addition, optionally in embodiments of the present invention, the processing unit 21 encrypts the first key of the second key pair to be sent to the user terminal 1, using the second key of the third key pair. The user terminal 1 decrypts the encrypted first key of the second key pair using the first key of the third key pair, to obtain the first key of the second key pair.
Returning to Fig. 4, the communication unit 22 sends the first key of the second key pair generated by the processing unit 21 to the user terminal 1, and sends the second key of the second key pair to the certificate server.
In addition, where the processing unit 21 encrypts the first key of the second key pair to be sent to the user terminal 1 using the second key of the third key pair and thereby obtains the second encryption information, the communication unit 22 sends the second encryption information to the user terminal 1. Further, where the processing unit 21 generates the third key pair, the communication unit 22 sends the first key of the third key pair to the user terminal 1. The user terminal 1 can thus decrypt the second encryption information sent from the communication unit 22 using the first key of the third key pair received from the intermediate server 2, to obtain the first key of the second key pair.
Next, the certificate server of embodiments of the present invention is described with reference to Fig. 5. Fig. 5 is a functional block diagram of the certificate server of an embodiment of the present invention.
As shown in Fig. 5, the certificate server 3 includes a communication unit 31, a storage unit 32 and a processing unit 33. The certificate server 3 can verify the signature on the signed certification request received from the user terminal 1, thereby realizing the user authentication process.
The communication unit 31 is configured to send and receive information. Specifically, the communication unit 31 can communicate with the user terminal 1 and the intermediate server 2 to exchange information with them.
Specifically, the communication unit 31 receives the first encryption information from the user terminal 1 in step S32 of Fig. 2. In addition, in embodiments of the present invention, the communication unit 31 receives the second key of the second key pair from the intermediate server 2 in step S31 of Fig. 2.
The storage unit 32 is configured to store keys. Specifically, the storage unit 32 stores the second key of the second key pair received by the communication unit 31. The storage unit 32 also stores the second key of the first key pair generated by the user terminal 1.
The processing unit 33 is configured to perform decryption and can control the communication unit 31 and the storage unit 32. Specifically, the processing unit 33 decrypts the first encryption information received by the communication unit 31 using the second key of the second key pair, to obtain the second key of the first key pair, and then stores the obtained second key of the first key pair in the storage unit 32.
In addition, as described above, the first key and the second key of the first key pair are used respectively to sign the certification request sent by the user terminal 1 to the certificate server 3 and to verify that signature.
Specifically, when the communication unit 31 receives the signed certification request from the user terminal 1, the processing unit 33 verifies the signature using the second key of the first key pair stored in the storage unit 32. If the certificate server 3 has no stored second key of a first key pair with which the signature verifies successfully, user authentication is determined to have failed. If signature verification succeeds, user authentication can be determined to be successful.
In addition, where the certification request from the user terminal 1 includes user information, when signature verification using the second key of the first key pair stored in the storage unit 32 succeeds, the processing unit 33 may further judge whether the user information included in the certification request sent from the user terminal 1 is consistent with the user information stored in association with the subscriber authentication key public key that verified the signature, and determine user authentication to be successful only if they are consistent.
Further preferably, the processing unit 33 generates a challenge value in response to a request from the user terminal 1 received by the communication unit 31, and controls the communication unit 31 to send it to the user terminal. In this case, when signature verification succeeds, the processing unit 33 may further judge whether the challenge value included in the certification request sent from the user terminal 1 is consistent with the challenge value sent to the user terminal 1, and determine user authentication to be successful only if they are consistent. Optionally in embodiments of the present invention, the processing unit 33 determines user authentication to be successful only when information such as the fingerprint ID or password included in the certification request satisfies a prescribed condition.
As described above, according to the user terminal 1, the certificate server 3 and the intermediate server 2 of embodiments of the present invention, and the system shown in Fig. 1 that includes the user terminal 1, the certificate server 3 and the intermediate server 2, the second key pair generated by the intermediate server 2 is used when transmitting the second key of the first key pair generated by the user terminal 1, which further improves security during user authentication.
Those of ordinary skill in the art will appreciate that the units and steps described in connection with the embodiments of the present invention can be implemented in electronic hardware, computer software, or a combination of the two, and that software modules can be placed in any form of computer storage medium. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are implemented in hardware or software depends on the specific application and the design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present invention.
The embodiments of the present invention have been described in detail above. However, those skilled in the art should understand that various modifications, combinations or sub-combinations may be made to these embodiments without departing from the principle and spirit of the invention, and such modifications should fall within the scope of the present invention.

Claims (21)

1. A transfer approach for a key, applied to a user terminal, the transfer approach comprising:
Generating a first key pair associated with user information;
Storing the first key of the first key pair associated with the user information;
Encrypting the second key of the first key pair using the first key of a second key pair corresponding to a first application, to obtain first encryption information;
Sending the first encryption information to a certificate server,
Wherein the first key of the first key pair is used to sign a certification request sent by the user terminal, and the second key of the first key pair is used in the certificate server to verify the signature on the received signed certification request,
The second key pair is a key pair generated by an intermediate server and corresponding to the first application in the user terminal, and the first key of the second key pair is sent to the user terminal by the intermediate server.
2. The transfer approach as described in claim 1, further comprising:
Receiving second encryption information sent by the intermediate server, wherein the second encryption information is obtained by the intermediate server encrypting the first key of the generated second key pair using the second key of a third key pair;
Decrypting the second encryption information using the first key of the third key pair, to obtain the first key of the second key pair.
3. The transfer approach as claimed in claim 2, further comprising:
Obtaining the first key of the third key pair generated by the intermediate server;
Storing the obtained first key of the third key pair.
4. The transfer approach as described in claim 1, wherein
The second key pair uniquely corresponds to the first application in the user terminal,
The transfer approach further comprising:
Sending user registration information and the first encryption information to the certificate server, so that the first key pair is associated with the user registration information, wherein the user registration information and the second key of the first key pair are stored in association in the certificate server.
5. The transfer approach as claimed in claim 4, further comprising:
Encrypting the user registration information using the first key of the second key pair,
Correspondingly, the sending of the user registration information and the first encryption information to the certificate server comprises:
Sending the encrypted user registration information and the first encryption information to the certificate server.
6. A transfer approach for a key, applied to a certificate server, the transfer approach comprising:
Receiving first encryption information from a user terminal;
Decrypting the first encryption information using the second key of a second key pair corresponding to a first application, to obtain the second key of a first key pair associated with user information,
Wherein the second key of the first key pair is used in the certificate server to verify the signature on a received signed certification request,
The second key pair is a key pair generated by an intermediate server and corresponding to the first application in the user terminal, and the second key of the second key pair is sent to the certificate server by the intermediate server.
7. The transfer approach as claimed in claim 6, further comprising:
Obtaining and storing the second key of the second key pair generated by the intermediate server.
8. The transfer approach as claimed in claim 6, wherein
The second key pair uniquely corresponds to the first application in the user terminal,
The transfer approach further comprising:
Receiving user registration information and the first encryption information from the user terminal, so that the first key pair is associated with the user registration information;
Storing the second key of the first key pair in association with the user registration information.
9. The transfer approach as claimed in claim 8, further comprising:
Decrypting the user registration information using the second key of the second key pair,
Correspondingly, the receiving of the user registration information and the first encryption information from the user terminal comprises:
Receiving the encrypted user registration information and the first encryption information from the user terminal.
10. A transfer approach for a key, applied to an intermediate server, the transfer approach comprising:
Generating a second key pair corresponding to a first application;
Sending the first key of the second key pair to a user terminal;
Sending the second key of the second key pair to a certificate server,
Wherein the first key of the second key pair is used in the user terminal to encrypt the second key of a first key pair to be transmitted, and the second key of the second key pair is used in the certificate server to decrypt the received first encryption information;
The first key of the first key pair is used to sign a certification request sent by the user terminal, and the second key of the first key pair is used in the certificate server to verify the signature on the received signed certification request.
11. The transfer approach as claimed in claim 10, wherein
In the step of sending the first key of the second key pair to the user terminal,
The first key of the second key pair is encrypted using the second key of a third key pair, to obtain second encryption information;
The second encryption information is sent to the user terminal,
The first key of the second key pair is obtained in the user terminal by decrypting the second encryption information using the first key of the third key pair.
12. The transfer approach as claimed in claim 11, further comprising:
Generating the third key pair;
Distributing the first key of the third key pair to the user terminal, and storing the second key of the third key pair.
13. A transfer approach for a key, comprising:
Generating, by an intermediate server, a second key pair corresponding to a first application;
Sending the first key of the second key pair to a user terminal, and sending the second key of the second key pair to a certificate server;
Generating, by the user terminal, a first key pair associated with user information;
Encrypting the second key of the first key pair using the first key of the second key pair corresponding to the first application, to obtain first encryption information, and sending the first encryption information to the certificate server;
In the certificate server, receiving the first encryption information from the user terminal, and decrypting the first encryption information using the second key of the second key pair corresponding to the first application, to obtain the second key of the first key pair associated with the user information,
Wherein the first key of the first key pair is used to sign a certification request sent by the user terminal, and the second key of the first key pair is used in the certificate server to verify the signature on the received signed certification request.
14. The transfer approach as claimed in claim 13, wherein
In the step of sending the first key of the second key pair to the user terminal,
The first key of the second key pair is encrypted using the second key of a third key pair, to obtain second encryption information;
The second encryption information is sent to the user terminal,
The transfer approach further comprising:
In the user terminal, receiving the second encryption information sent by the intermediate server;
Decrypting the second encryption information using the first key of the third key pair, to obtain the first key of the second key pair.
15. The transfer approach as claimed in claim 14, wherein
in the intermediate server, the third key pair is generated;
the first key of the third key pair is distributed to the user terminal, and the second key of the third key pair is stored.
16. The transfer approach as claimed in claim 13, wherein
the second key pair uniquely corresponds to the first application in the user terminal,
the transfer approach further comprising:
in the user terminal, sending user registration information and the first encryption information to the certificate server, so that the first key pair is associated with the user registration information;
in the certificate server, receiving the user registration information and the first encryption information from the user terminal;
storing the second key of the first key pair in association with the user registration information.
17. The transfer approach as claimed in claim 16, further comprising:
in the user terminal, encrypting the user registration information using the first key of the second key pair,
correspondingly, sending the user registration information and the first encryption information to the certificate server comprises:
sending the encrypted user registration information and the first encryption information to the certificate server,
in the certificate server, decrypting the user registration information using the second key of the second key pair,
correspondingly, receiving the user registration information and the first encryption information from the user terminal comprises:
receiving the encrypted user registration information and the first encryption information from the user terminal.
18. A user terminal, comprising:
a communication unit configured to send and receive information;
a storage unit configured to store keys;
a processing unit configured to generate a first key pair associated with user information, to store the first key of the first key pair associated with the user information in the storage unit, to encrypt the second key of the first key pair using the first key of a second key pair corresponding to a first application to obtain first encryption information, and to control the communication unit to send the first encryption information to a certificate server,
wherein the first key of the first key pair is used to sign a certification request sent by the user terminal, the second key of the first key pair is used in the certificate server to verify the signature of the received signed certification request, and the second key pair is a key pair generated by an intermediate server and corresponding to the first application in the user terminal,
and the processing unit stores, in the storage unit, the first key of the second key pair received through the communication unit.
19. A certificate server, comprising:
a communication unit configured to send and receive information;
a storage unit configured to store keys;
a processing unit configured to decrypt, using the second key of a second key pair corresponding to a first application, first encryption information received from a user terminal through the communication unit, to obtain the second key of a first key pair associated with user information, and to store the second key of the first key pair in the storage unit,
wherein the second key of the first key pair is used in the certificate server to verify the signature of a received signed certification request, and the second key pair is a key pair generated by an intermediate server and corresponding to the first application in the user terminal,
and the processing unit stores, in the storage unit, the second key of the second key pair received from the intermediate server through the communication unit.
20. An intermediate server, comprising:
a processing unit configured to generate a second key pair corresponding to a first application;
a communication unit configured to send the first key of the second key pair to a user terminal and to send the second key of the second key pair to a certificate server,
wherein the first key of the second key pair is used in the user terminal to encrypt the second key of a first key pair that is to be sent, and the second key of the second key pair is used in the certificate server to decrypt the received first encryption information;
the first key of the first key pair is used to sign a certification request sent by the user terminal, and the second key of the first key pair is used in the certificate server to verify the signature of the received signed certification request.
21. A system for user authentication, comprising an intermediate server, a user terminal and a certificate server, wherein
the intermediate server comprises:
a first processing unit configured to generate a second key pair corresponding to a first application;
a first communication unit configured to send the first key of the second key pair to the user terminal and to send the second key of the second key pair to the certificate server,
the user terminal comprises:
a second communication unit configured to send and receive information;
a second processing unit configured to generate a first key pair associated with user information, to encrypt the second key of the first key pair using the first key of the second key pair corresponding to the first application to obtain first encryption information, and to control the second communication unit to send the first encryption information to the certificate server,
the certificate server comprises:
a third communication unit configured to send and receive information;
a third processing unit configured to decrypt the first encryption information received by the third communication unit using the second key of the second key pair corresponding to the first application, to obtain the second key of the first key pair associated with the user information,
wherein the first key of the first key pair is used to sign a certification request sent by the user terminal, and the second key of the first key pair is used in the certificate server to verify the signature of the received signed certification request.
CN201511001471.5A 2015-12-28 2015-12-28 User terminal, certificate server, intermediate server, system and transfer approach Active CN105554008B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511001471.5A CN105554008B (en) 2015-12-28 2015-12-28 User terminal, certificate server, intermediate server, system and transfer approach

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201511001471.5A CN105554008B (en) 2015-12-28 2015-12-28 User terminal, certificate server, intermediate server, system and transfer approach

Publications (2)

Publication Number Publication Date
CN105554008A (en) 2016-05-04
CN105554008B (en) 2018-12-14

Family

ID=55832942

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201511001471.5A Active CN105554008B (en) 2015-12-28 2015-12-28 User terminal, certificate server, intermediate server, system and transfer approach

Country Status (1)

Country Link
CN (1) CN105554008B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106648770B (en) * 2016-12-09 2020-03-17 武汉斗鱼网络科技有限公司 Generation method, loading method and device of application program installation package
CN107493281A (en) * 2017-08-16 2017-12-19 海信集团有限公司 encryption communication method and device
CN107911393B (en) * 2017-12-28 2019-01-25 北京明朝万达科技股份有限公司 A kind of data safety management system and method
CN109600231B (en) * 2018-12-05 2021-10-29 深圳市琦迹技术服务有限公司 Data security communication system and method
CN109660534B (en) * 2018-12-15 2022-01-28 平安科技(深圳)有限公司 Multi-merchant-based security authentication method and device, electronic equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101640590A (en) * 2009-05-26 2010-02-03 深圳市安捷信联科技有限公司 Method for obtaining a secret key for identifying cryptographic algorithm and cryptographic center thereof
CN103684798A (en) * 2013-12-31 2014-03-26 南京理工大学连云港研究院 Authentication system used in distributed user service
CN103763631A (en) * 2014-01-07 2014-04-30 青岛海信信芯科技有限公司 Authentication method, server and television

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008146667A1 (en) * 2007-05-24 2008-12-04 Nec Corporation Anonymous authenticating system and anonymous authenticating method
CN102811211A (en) * 2011-05-30 2012-12-05 索尼公司 Device supporting login certification and method for login certification

Also Published As

Publication number Publication date
CN105554008A (en) 2016-05-04

Similar Documents

Publication Publication Date Title
US10003582B2 (en) Technologies for synchronizing and restoring reference templates
KR101237632B1 (en) Network helper for authentication between a token and verifiers
CN109728909B (en) Identity authentication method and system based on USBKey
EP2639997B1 (en) Method and system for secure access of a first computer to a second computer
US11336641B2 (en) Security enhanced technique of authentication protocol based on trusted execution environment
CN105554008B (en) User terminal, certificate server, intermediate server, system and transfer approach
KR102177848B1 (en) Method and system for verifying an access request
AU2017354083A1 (en) Verifying an association between a communication device and a user
KR20070057871A (en) Method of authentication based on polynomials
CN112543166B (en) Real name login method and device
WO2018021708A1 (en) Public key-based service authentication method and system
CN104935441A (en) Authentication method and relevant devices and systems
CN104412273A (en) Method and system for activation
CN112351037B (en) Information processing method and device for secure communication
CN104917807A (en) Resource transfer method, apparatus and system
CN108206739A (en) Key generation method and device
CN111080299B (en) Anti-repudiation method for transaction information, client and server
CN103905388A (en) Authentication method, authentication device, smart card, and server
KR101113446B1 (en) System and method for transmiting certificate to mobile apparatus and system and method for transmiting and certifying data using multi-dimensional code
KR101792220B1 (en) Method, mobile terminal, device and program for providing user authentication service of combining biometric authentication
WO2015109958A1 (en) Data processing method based on negotiation key, and mobile phone
KR101204980B1 (en) Method and System of One-Time Password Authentication Scheme Provide Enhanced Randomness
TW201723948A (en) Offline payment method, terminal equipment, backstage payment device and offline payment system
CN107409043A (en) Distributed treatment of the data storage based on center encryption to product
EP3035589A1 (en) Security management system for authenticating a token by a service provider server

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant