CN106302352A - A kind of method and apparatus of new digital certificate application - Google Patents
- Publication number
- CN106302352A
- Authority
- CN
- China
- Prior art keywords
- digital certificate
- digital
- converter
- user
- middle device
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a method and apparatus for a new kind of digital certificate application. It introduces a novel digital certificate application intermediary device. While still supporting digital certificate authentication, the device is compatible with other reliable authentication means such as dynamic passwords, SMS, biometric recognition and second-channel authentication. This removes the traditional trust system's dependence on a secure certificate storage medium at the terminal, and combines the advantages of digital certificate technology in protecting sensitive information with its irreplaceable role in attributing responsibility, so that together they form a new generation of network trust infrastructure. The invention breaks through the limitations of the current network trust security system and cost-effectively solves key problems of digital certificate application that have troubled the industry for years in complex network environments with different user groups, multiple kinds of intelligent terminals, various transmission networks and differentiated service forms, consolidating and improving the construction of the new generation of network trust infrastructure.
Description
Technical field
The invention provides a method and apparatus for a new kind of digital certificate application. It introduces a novel digital certificate application intermediary device. While still supporting digital certificate authentication, the device is compatible with other reliable authentication means such as dynamic passwords, SMS, biometric recognition and second-channel authentication. This removes the traditional trust system's dependence on a secure certificate storage medium at the terminal, and combines the advantages of digital certificate technology in protecting sensitive information with its irreplaceable role in attributing responsibility, so that together they form a new generation of network trust infrastructure. The invention breaks through the limitations of the current network trust security system and cost-effectively solves key problems of digital certificate application that have troubled the industry for years in complex network environments with different user groups, multiple kinds of intelligent terminals, various transmission networks and differentiated service forms, consolidating and improving the construction of the new generation of network trust infrastructure.
Background technology
With networks developing rapidly, features such as network mobility, the Internet of Things, diversified terminals, mass-market network applications and cloud services are increasingly prominent. However, the traditional network trust infrastructure, which has digital certificate technology at its core, has long been held back by several key problems. As a whole it remains in the traditional support-system model and struggles to adapt to an increasingly complex network environment.

First, how to cost-effectively dock and migrate the mature, certificate-centred network trust infrastructure of the conventional internet to mobile network applications. This problem bears directly on moving conventional internet applications to mobile and has a profound influence on the further spread of the mobile internet.

Second, for individual public users, how to provide secure storage and convenient use of digital certificates economically while keeping the digital certificate application system secure. This is another major problem the digital certificate industry must solve in order to develop further. The mainstream secure storage media for digital certificates have thresholds and shortcomings in cost, issuance and use, so current applications are largely limited to specific industries and enterprises. Yet public applications and public users, which operate entirely in a public environment and lack a trust foundation even more, often have the greater need for a network trust infrastructure built on digital certificate technology.

Third, as user network terminals such as mobile phones, PCs and pads become more diverse, how to share the functions of the user identity digital certificate and its secure storage medium among a user's terminals in a secure and trusted way. The aim is integrated multi-terminal use of the user identity digital certificate, so that differences between the terminals a user happens to use do not affect the consistency and uniqueness of the user's trusted identity, in line with the principles and requirements of a user-centric service environment.

Fourth, as Internet of Things applications become more widespread, how to provide network trust assurance when the capabilities and communication protocols of IoT terminals are limited, so that trust is assured across the whole network environment including the Internet of Things and a weakest-link effect is avoided. This is also a basic problem troubling the industry.

Fifth, as network applications increasingly move to the cloud, how the existing network trust infrastructure based on digital certificate technology can support cloud-based services is a key issue for the industry's current development.

Sixth, the industry has long set digital certificate technology against technologies such as dynamic tokens, SMS, biometric recognition and second-channel authentication, treating them as rivals. In practice, for the authentication step alone, digital certificate technology does not outshine the others and may even be at a disadvantage in specific application scenarios. However, as a complete network trust security system, digital certificate technology should seek a way of combining with these means and using the strengths of each: the means above should be brought into the complete network trust security system based on digital certificate technology, so that the system improves and surpasses itself and better serves an increasingly complex network world. Digital envelope (cipher envelope) technology, which combines digital certificate technology with conventional symmetric cryptography, is a typical example.

These problems have troubled the digital certificate industry for years and have never been effectively solved. The present invention is proposed against this background. Its purpose is to solve, cost-effectively, the key problems of digital certificate application in the current complex network environment, to meet the network world's requirements for network trust assurance under the new conditions, and to consolidate and improve the construction of the new generation of network trust infrastructure.
Summary of the invention
The present invention covers several aspects, as follows. The invention provides a method for a new kind of digital certificate application. By making the authentication step compatible with other reliable authentication means such as dynamic passwords, SMS, biometric recognition and second-channel authentication, it removes the traditional trust system's dependence on a specific terminal-side secure storage medium for the digital certificate, while combining the advantages of digital certificate technology in protecting sensitive information with its irreplaceable role in attributing responsibility, to build a new generation of network trust system.
Accompanying drawing explanation
Fig. 1 is a schematic diagram of the system structure. By introducing a novel digital certificate application intermediary device, a user or device can authenticate to it with dynamic passwords, SMS, biometric recognition, second-channel authentication or other reliable authentication means, removing the traditional trust system's dependence on a secure certificate storage medium at the terminal. The intermediary device then calls the digital certificate services that correspond to the user. The advantages of digital certificate technology in protecting sensitive information and its irreplaceable role in attributing responsibility are thereby combined with other convenient and reliable authentication means to form a new generation of network trust infrastructure, meeting the needs of digital certificate application in complex network environments with different user groups, multiple kinds of intelligent terminals, various transmission networks and differentiated service forms.

Fig. 2 is a schematic diagram of the whole calling process. The process descriptions for this figure and the following one are intended only to illustrate the principle of the invention and do not represent its only implementation flow; anything that conforms to the spirit of the invention is regarded as falling within the scope of the claims.

Fig. 3 is a schematic diagram of the functional structure of the digital certificate application intermediary device, which comprises the intermediary device itself and the client software running on the terminal side and on the certificate service side.
Claims (8)
1. The invention provides a method for a new kind of digital certificate application, characterized in that: by introducing a digital certificate application intermediary device, the authentication step is made compatible with other reliable authentication means such as dynamic passwords, SMS, biometric recognition and second-channel authentication, removing the traditional trust system's dependence on a specific terminal-side secure storage medium for the digital certificate; at the same time, the advantages of digital certificate technology in protecting sensitive information and its irreplaceable role in attributing responsibility are combined with these means to build a new generation of network trust system.
2. The invention provides a method for a novel mobile digital certificate application, characterized in that: without requiring the user's mobile terminal to support a secure certificate storage medium and certificate GL, the user authenticates to the digital certificate application intermediary device with a reliable authentication means supported by the mobile terminal, such as a dynamic password, SMS, biometric recognition or second-channel authentication; after authentication, the intermediary device connects to the online host device and uses the user's digital certificate on it and all of its functions, building a complete network trust security system in the mobile network environment. Typical application scenarios include doctors' mobile ward rounds and enterprise mobile working.
3. The invention provides a method for a novel digital certificate application in the Internet of Things environment, characterized in that: without requiring the intelligent IoT terminal device to support a secure certificate storage medium and certificate GL, the device authenticates to the digital certificate application intermediary device with an authentication means suited to intelligent IoT terminal devices; after authentication, the intermediary device connects to the online host device and uses the user's digital certificate on it and all of its functions, building a complete network trust security system in the IoT environment. Typical application scenarios include the smart home and intelligent monitoring.
4. The invention provides a method for novel integrated digital certificate application across a user's multiple terminals, characterized in that: when the user has several different intelligent terminals at once, such as a computer, a mobile phone and a pad, the user authenticates to the digital certificate application intermediary device with a reliable authentication means supported by each terminal, such as a dynamic password, SMS, biometric recognition or second-channel authentication; after authentication, the intermediary device connects to the online host device and uses the user's digital certificate on it and all of its functions, achieving consistency and integration of the user's digital certificate across the user's terminals and avoiding one user acquiring multiple identities (multiple digital certificates) because of multiple terminals.
5. The invention provides a novel digital certificate application cloud service method, characterized in that: the user authenticates to the digital certificate application intermediary device with a reliable authentication means such as a dynamic password, SMS, biometric recognition or second-channel authentication; after authentication, the intermediary device connects to the online host device and uses the user's digital certificate on it and all of its functions, without relying on a specific secure certificate storage medium, providing the user with cloud-based digital certificate services.
6. The invention provides a simple method for a novel digital certificate application, characterized in that: without requiring the user's intelligent terminal to support a specific secure certificate storage medium and certificate GL, the user, through the intelligent terminal, authenticates to the digital certificate application intermediary device with a reliable authentication means such as a dynamic password, SMS, biometric recognition or second-channel authentication; after authentication, the intermediary device connects to the online host device and uses the user's digital certificate on it and all of its functions, meeting the network trust assurance requirements of ordinary public users and mass-market applications.
7. The invention provides a novel digital certificate application intermediary device, characterized in that: the device is positioned as an intermediary between, on one side, the secure digital certificate storage medium (containing the digital certificate) and its host and, on the other side, the user terminal. Its function has two main aspects. The first is reliable authentication of the user or terminal device, for which the specific means can be any reliable identity authentication technology such as digital certificates, dynamic passwords, SMS, biometric recognition or second-channel authentication. The second is that, once authentication has passed, it acts as a proxy for the user or terminal device and calls online the functions of the secure digital certificate storage medium (containing the digital certificate) on the connected host. It is composed of the digital certificate application intermediary device together with the corresponding client software running on the user terminal side and on the certificate service side.
8. The intelligent terminal to which the invention relates is characterized in that: it includes but is not limited to smartphones, pads, intelligent IoT sensors and other special-purpose intelligent terminals; the online host device may include but is not limited to a user's computer, an organization or home server, a workstation, an encryption machine or a smartphone; the user's digital certificate on the host device can be stored in an encryption machine, USBKey, SDKey, SIMKey, computer hard disk or other secure storage device. Finally, the invention relates to a new design idea and method and is not limited by the specific implementing technology, device form or deployment mode.
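The two functions of the intermediary device in claim 7, authenticate first and then call the host-side key on the user's behalf, can be shown in a few lines. This is an added example, not code from the patent: the class and method names are hypothetical, only the dynamic password factor is shown (as RFC 6238 TOTP), and HMAC-SHA256 stands in for the certificate private-key signature so that it runs on the standard library alone.

```python
import hashlib
import hmac
import struct
import time

STEP = 30  # TOTP time step in seconds


def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1: the 'dynamic password' factor."""
    counter = struct.pack(">Q", int(at // STEP))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class HostKeyStore:
    """Online host device holding the user's certificate key (assumed interface).

    HMAC-SHA256 stands in for the certificate private-key signature so the
    example needs only the standard library; it is not a real signature.
    """

    def __init__(self):
        self._keys = {}

    def enroll(self, user: str, key: bytes) -> None:
        self._keys[user] = key

    def sign(self, user: str, digest: bytes) -> str:
        return hmac.new(self._keys[user], digest, hashlib.sha256).hexdigest()


class Intermediary:
    """Authenticates the terminal, then calls the host-side key on its behalf."""

    def __init__(self, host: HostKeyStore):
        self.host = host
        self._otp_secrets = {}
        self._last_step = {}  # user -> last accepted time step (replay guard)
        self.audit = []       # one record per request, granted or not

    def register(self, user: str, otp_secret: bytes) -> None:
        self._otp_secrets[user] = otp_secret

    def sign_for(self, user: str, otp: str, document: bytes, now=None) -> str:
        now = time.time() if now is None else now
        step = int(now // STEP)
        secret = self._otp_secrets.get(user)
        granted = (
            secret is not None
            and hmac.compare_digest(otp.encode(), totp(secret, now).encode())
            and step > self._last_step.get(user, -1)  # one use per time step
        )
        digest = hashlib.sha256(document).digest()
        # Record who asked for what and how they authenticated, so the
        # signature can later be attributed to a specific request.
        self.audit.append({"user": user, "time": now, "auth": "totp",
                           "doc_sha256": digest.hex(), "granted": granted})
        if not granted:
            raise PermissionError("authentication failed; host key not used")
        self._last_step[user] = step
        return self.host.sign(user, digest)
```

Because the terminal never holds the key, attribution of a signature rests on the intermediary's authentication decision and its audit record, which is why the replay guard and the per-request log sit in the same code path as the call to the host.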
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510300171.0A CN106302352A (en) | 2015-06-05 | 2015-06-05 | A kind of method and apparatus of new digital certificate application |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510300171.0A CN106302352A (en) | 2015-06-05 | 2015-06-05 | A kind of method and apparatus of new digital certificate application |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106302352A (en) | 2017-01-04 |
Family
ID=57656457
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510300171.0A Pending CN106302352A (en) | 2015-06-05 | 2015-06-05 | A kind of method and apparatus of new digital certificate application |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106302352A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111953493A (en) * | 2019-05-16 | 2020-11-17 | 上海铠射信息科技有限公司 | Novel portable digital certificate application method and device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102970141A (en) * | 2012-11-30 | 2013-03-13 | 国泰君安证券股份有限公司 | Client identity authorization system and method |
CN103051453A (en) * | 2012-12-17 | 2013-04-17 | 连连银通电子支付有限公司 | Digital certificate-based mobile terminal network security trading system and digital certificate-based mobile terminal network security trading method |
CN104052713A (en) * | 2013-03-11 | 2014-09-17 | 李华 | Novel network trust guarantee service method and device |
US20150142670A1 (en) * | 2013-11-20 | 2015-05-21 | Sue Zloth | Systems and methods for software based encryption |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104378210B (en) | Across the identity identifying method of trust domain | |
CN104113552B (en) | A kind of platform authorization method, platform service end and applications client and system | |
CN104113551B (en) | A kind of platform authorization method, platform service end and applications client and system | |
EP2391083B1 (en) | Method for realizing authentication center and authentication system | |
CN109525570A (en) | A kind of data hierarchy safety access control method of Cargo Oriented on Group client | |
CN113114632B (en) | Can peg graft formula intelligence financial auditing platform | |
CN108123795A (en) | Distributing method, application process, publishing platform and the system of quantum key chip | |
CN102377788A (en) | Single sign-on (SSO) system and single sign-on (SSO) method | |
CN106713236A (en) | End-to-end identity authentication and encryption method based on CPK identifier authentication | |
CN105075219A (en) | Network system comprising a security management server and a home network, and method for including a device in the network system | |
CN104579687A (en) | CSP implementation based on USBKEY | |
CN102571874B (en) | On-line audit method and device in distributed system | |
Chinnasamy et al. | A scalable multilabel‐based access control as a service for the cloud (SMBACaaS) | |
CN107566393A (en) | A kind of dynamic rights checking system and method based on trust certificate | |
Chang et al. | User authentication in cloud computing | |
CN106789845A (en) | A kind of method of network data security transmission | |
CN106302352A (en) | A kind of method and apparatus of new digital certificate application | |
CN109802927A (en) | A kind of security service providing method and device | |
Chauhan | Iot network identity management using smart contract and blockchain technology | |
Binu et al. | A mobile based remote user authentication scheme without verifier table for cloud based services | |
CN113595877B (en) | Instant communication method based on block chain | |
CN109218318A (en) | A kind of things-internet gateway login detecting method based on equipment knowledge | |
CN106877996A (en) | User in PKI domains accesses the authentication key agreement method of the resource in IBC domains | |
CN103905376B (en) | A kind of method and system that two-way authentication is carried out based on OAUTH agreements | |
Fries et al. | Handling role-based access control in the digital grid |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
Application publication date: 20170104 |