CN106612365A - A handset digital certificate subsystem, a system thereof and a method thereof - Google Patents

Publication number
CN106612365A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201510696173.6A
Other languages
Chinese (zh)
Inventor
李京海
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/72 Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724 User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 (as H04L9/32) involving a third party or a trusted authority
    • H04L9/3263 (as H04L9/32) involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3236 (as H04L9/32) using cryptographic hash functions
    • H04L9/3247 (as H04L9/32) involving digital signatures

Abstract

In the handset digital certificate subsystem, the host module is structurally independent and detachable, while the display screen module and the user input module of the subsystem are integrated in the handset system, so that the digital certificate subsystem can be integrated in a handset and sold and applied widely at low cost. The subsystem is also compatible with applications of digital certificates issued by CAs, so that higher reliability and security are achieved.

Description

A mobile phone digital certificate subsystem, and system and method thereof
Technical field
The present invention relates to the technical field of digital certificate applications, and more particularly to a mobile phone digital certificate subsystem and its system and method.
Background
In the era of interconnected communication, digital certificates and digital certificate subsystems (such as USB Key digital certificate subsystems) are widely used. At the same time, mobile communication technology and smartphone technology are flourishing, and smartphone-based digital certificate applications have great potential.
However, analysis of existing digital certificate technology shows that its digital certificate subsystems are not suitable for integration in a mobile phone, and existing digital certificate technology has not been widely applied in mobile phones. The main reasons are as follows:
1. Existing digital certificate subsystems (such as USB Key digital certificate subsystems) are all commercial encryption products specially controlled and managed by the CA that issues the digital certificates and by its application system. Every stage of the process, including product design, production, testing, sale and use, is subject to strict security certification specifications, and each must pass security certification by the CA and by a national third-party certification body.
However, when a "digital certificate subsystem" is to be integrated in a mobile phone and sold widely with the phone, the security certification requirements and the security certification process for that subsystem change significantly.
When a digital certificate subsystem integrated in a mobile phone is sold widely, the CA and the national third-party certification body can hardly control the security certification of each stage of sale and circulation. Under the requirements of existing digital certificate technical specifications, the CA therefore cannot register and establish a user digital certificate in that subsystem, unless a new technical solution can provably guarantee that "when the CA registers and establishes a user digital certificate in the digital certificate subsystem, the subsystem meets the various specifications of existing digital certificate technology".
2. Existing SIM digital certificate subsystems and SD card digital certificate subsystems can be integrated in a mobile phone system, but none of them has an independent display screen module or an independent user input module, so none can reliably guarantee that "the information data being digitally signed is exactly the information data that the user sees on the mobile phone display and wants to sign". They therefore all carry a potential security risk and are not widely applied in mobile phones.
3. Existing digital certificate subsystems (such as USB Key, SIM and SD card digital certificate subsystems) are all commercial encryption products specially controlled and managed by the CA that issues the digital certificates. Each CA develops its digital certificate subsystem independently and the subsystems are incompatible, so with the prior art it is difficult to integrate the digital certificate subsystems of the various CAs compatibly in a mobile phone system.
In view of the above problems and needs, the present invention provides a mobile phone digital certificate subsystem and its system and method, which can solve the above problems of the prior art, so that the digital certificate subsystem and the mobile phone system are integrated with each other, promote each other and are applied reliably, achieving the effect of 1+1 being greater than 2.
The present invention is an improvement and innovation on the basis of the prior art. The relevant prior art is described below:
1. Digital signature and its verification method
1) Digital signature
The sender first computes a message digest (also called a HASH digest) of the message using the agreed HASH algorithm, then encrypts the message digest with the sender's private key and an asymmetric encryption algorithm. The resulting ciphertext is called "the sender's digital signature of the message". The digital signature must be bound to the original message and sent together with it to the recipient.
2) Verification of a digital signature
After receiving the digital signature and the original message, the recipient computes a message digest of the original message with the same HASH algorithm, abbreviated as A. The recipient then uses "the public key in the sender's digital certificate" and "the same asymmetric encryption algorithm" to decrypt the digital signature and obtain the original message digest, abbreviated as B. Message digest A is compared with message digest B. If the two are equal, verification of the digital signature succeeds, showing that the message and the digital signature come from "the owner of the public key in the digital certificate", that is, the sender.
2. CA
CA is the abbreviation of Certification Authority.
A CA is a trusted third-party body, authoritative and impartial, that specializes in providing network identity authentication services based on public-key technology and is responsible for issuing and managing digital certificates. It is commonly called a digital certificate authentication center.
3. "SIS security identification subsystem": a digital certificate subsystem used only for security identification.
SIS is the abbreviation of Security identification subsystem.
4. SOC: SYSTEM ON CHIP.
5. Download and set up
Herein, "download and set up" is defined as: download into the memory of a computer, store and apply.
Summary of the invention
The object of the present invention is to provide a mobile phone digital certificate subsystem and its system, apparatus and method that solve the above problems of existing digital certificate technology, so that a digital certificate subsystem can be integrated in a mobile phone and widely applied at low cost, is at the same time compatible with "applications of the digital certificates issued by each CA", and is more reliable and more secure.
The general concept of the present invention is mainly as follows:
1. Design a "separated digital certificate subsystem" that is integrated in a mobile phone. It is characterized in that the "display screen module and user input module of the separated digital certificate subsystem" are integrated in the mobile phone system, while the "host module of the separated digital certificate subsystem" is structurally separable from the mobile phone and its "digital certificate subsystem". The host module is connected through an interface connector to the mobile phone and to the "display screen module and user input module of the separated digital certificate subsystem" integrated in the mobile phone system.
With the separated mobile phone digital certificate subsystem, "registration and certification of a digital certificate subsystem integrated in a mobile phone" is reduced to the easily achieved "registration and certification of the simple hardware circuits of the digital certificate subsystem display module and user input module integrated in the mobile phone". A "mobile phone integrating the separated digital certificate subsystem" can thus be sold and applied widely and freely when it is "not fitted with a digital certificate subsystem host module".
The host module of the separated mobile phone digital certificate subsystem is designed, produced and sold independently in accordance with the national commercial cipher specifications.
2. Design a "mobile phone integrating the separated digital certificate subsystem", so that the phone can integrate a digital certificate subsystem in accordance with the specifications and can also be sold and applied widely and freely when it is "not fitted with a digital certificate subsystem host module".
3. The "mobile phone integrating the separated digital certificate subsystem" can use a "mobile phone SOC integrating an SIS security identification subsystem" for "detection and certification of the simple hardware circuits of the digital certificate subsystem display module and user input module integrated in the mobile phone". The mobile phone SOC is characterized as follows:
1) The SIS security identification subsystem in the mobile phone SOC is a computer subsystem, certified by a third-party certification body, with the software and hardware functions of a digital certificate subsystem. It contains the "public key of the SOC information management platform" and the "management module for establishing the SOC identification key", which manages the generation of an asymmetric key pair (private key and public key) inside the SIS security identification subsystem. The generated private key is stored only in the SIS security identification subsystem, cannot be exported, and serves as the identification mark of the SOC. The generated public key can be exported and is stored in the SOC information database in association with the ID data of the SOC, for identifying and authenticating the SOC.
2) Although the SIS security identification subsystem in the mobile phone SOC has the functions of a digital certificate subsystem, here it is used only to identify the SOC, so it is not a commercial encryption product and is not restricted by the commercial cipher specifications.
3) The I/O circuit modules of the mobile phone SOC and their functions are certified by a third-party certification body and are fully public. Based on the published functions of the SOC's I/O circuit modules in the mobile phone, detection software can be designed to perform security certification detection on "the simple hardware circuits and functions of the digital certificate subsystem display module and user input module integrated in the mobile phone".
4. Design a method and a registration and certification system for registering and certifying the "separated digital certificate subsystem": when a "mobile phone integrating the separated digital certificate subsystem" is registered and associated with a "separated digital certificate subsystem host module", security certification detection is performed on "the simple hardware circuits and functions of the digital certificate subsystem display module and user input module integrated in the mobile phone".
5. Design a "management platform of the mobile phone digital certificate subsystem" for managing "digital certificate applications in the mobile phone digital certificate subsystem", and for making the mobile phone digital certificate subsystem compatible with the digital certificates issued by each CA and their applications.
The main parts of the general inventive concept are described separately below.
I. Mobile phone digital certificate subsystem
1. The present invention provides a mobile phone digital certificate subsystem comprising: a digital certificate subsystem host module, a display screen module of the digital certificate subsystem, and a user input module of the digital certificate subsystem. It is characterized in that its "digital certificate subsystem host module" is structurally separable from the "digital certificate subsystem", that is, it is the "host module of a separated digital certificate subsystem". The "digital certificate subsystem host module" includes an "interface connector of the digital certificate subsystem host module", whose interfaces include an "interface for connection and communication between the 'digital certificate subsystem host module' and the 'interconnected host computer system of the digital certificate subsystem'" and a "connection interface between the 'digital certificate subsystem host module' and the 'output display screen module of the digital certificate subsystem'".
It is further characterized in that the "display screen module of the digital certificate subsystem" and an "interface connector matching the 'interface connector of the digital certificate subsystem host module'" are integrated in the "interconnected host computer system of the digital certificate subsystem".
The "digital certificate subsystem host module" connects to and communicates with the "interconnected host computer system of the digital certificate subsystem" through the matching connector in that host computer system. Through the same matching connector it is also connected to the "display screen module of the digital certificate subsystem" integrated in the "interconnected host computer system of the digital certificate subsystem", and outputs information data for display.
When the "separated digital certificate subsystem host module" is connected to the matching connector in the "interconnected host computer system of the digital certificate subsystem", that host computer system contains a "complete digital certificate subsystem" and can run applications based on the digital certificate subsystem.
The "interconnected host computer system of the digital certificate subsystem" is "a computer system that can connect to and communicate with the digital certificate subsystem and can connect to and communicate with the Internet". It can be a mobile phone system, a tablet computer system, a notebook computer system or another computer system.
2. In the separated digital certificate subsystem described above, the user input module can be integrated in the mobile phone system, can be integrated in the separated digital certificate subsystem host module, or can be "partly integrated in the mobile phone system and partly integrated in the separated digital certificate subsystem host module".
3. The digital certificate subsystem described above is further characterized in that it contains the "public key of the digital certificate of the digital certificate management subsystem platform", the "public key of the national root CA digital certificate" and a "corporate management module", which are used, inside the digital certificate subsystem, to verify and establish digital certificate applications that carry the dual digital signature of "the digital certificate management subsystem platform and the CA" and are jointly managed by them. Without the dual digital signature of "the digital certificate management subsystem platform and the CA", a digital certificate application cannot be established in the digital certificate subsystem. This property makes the mobile phone digital certificate subsystem compatible with "the digital certificate applications issued by each CA", and more reliable and more secure.
It is further characterized by the following steps:
(1) The "mobile phone digital certificate subsystem" receives a request to "establish a digital certificate application in the digital certificate subsystem" together with the dual digital signature of "the digital certificate management subsystem platform and the CA";
(2) The "corporate management module" of the "mobile phone digital certificate subsystem", as agreed, uses the "public key of the digital certificate of the digital certificate management subsystem platform and the public key of the CA digital certificate" held in the digital certificate subsystem to verify the "dual digital signature";
(3) If the dual digital signature is verified, the "corporate management module" establishes the "digital certificate application" in the "mobile phone digital certificate subsystem".
The dual digital signature of "the digital certificate management subsystem platform and the CA" can be the dual digital signature of "the digital certificate management subsystem platform and the national root CA", or the dual digital signature of "the digital certificate management subsystem platform and the operating CA".
The "digital certificate application" can be "generating and establishing, in the mobile phone digital certificate subsystem, the asymmetric key pair of a digital certificate", or "downloading and establishing a digital certificate in the mobile phone digital certificate subsystem".
4. The digital certificate subsystem according to item 3 above has the function of downloading and establishing an "operating CA digital certificate" in the digital certificate subsystem, comprising the following steps:
(1) After receiving a "request to download and establish an 'operating CA digital certificate'", the "mobile phone digital certificate subsystem" first generates a random number inside the "mobile phone digital certificate subsystem" and temporarily stores it (abbreviated as random number A), and at the same time sends the random number to the "digital certificate management subsystem platform";
(2) The "digital certificate management subsystem platform" receives the above random number (abbreviated as random number B), then applies its authentication signature to "random number B + operating CA digital certificate", and then sends "the request to download and establish the 'operating CA digital certificate', 'random number B + operating CA digital certificate' and the 'digital signature of the digital certificate management subsystem platform' over it" to the "mobile phone digital certificate subsystem";
(3) The "mobile phone digital certificate subsystem" receives "the request to download and establish the 'operating CA digital certificate', 'random number B + operating CA digital certificate' and the 'digital signature of the digital certificate management subsystem platform' over it";
(4) The "corporate management module" of the mobile phone digital certificate subsystem, as agreed, compares the received "random number B" with the temporarily stored "random number A". If they are consistent, it proceeds to the next step; if they are inconsistent, it terminates and refuses the download;
(5) The "corporate management module" of the mobile phone digital certificate subsystem, as agreed, applies the public key of the "mobile phone digital certificate management subsystem platform" held in the "mobile phone digital certificate subsystem" to decrypt the 'digital signature of the digital certificate management subsystem platform', and verifies the digital signature;
(6) If the digital signature is verified, the "corporate management module" continues with the next step and, as agreed, uses the "public key of the national root CA digital certificate in the mobile phone digital certificate subsystem" to verify the received "digital signature of the root CA in the operating CA digital certificate";
(7) If that digital signature is also verified, the "corporate management module" downloads and establishes the "operating CA digital certificate" in the "mobile phone digital certificate subsystem".
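The download procedure in steps (1) to (7) above, which is also an instance of the dual-signature check of item 3, as an added Go example that is not part of the patent text. Assumptions: Ed25519 from the Go standard library stands in for the agreed hash and asymmetric algorithm, and the `OperatingCACert` struct, the byte layout and all function names are hypothetical simplifications rather than X.509.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// OperatingCACert is a simplified stand-in (not X.509): name, CA key, root CA signature.
type OperatingCACert struct {
	Name    string
	PubKey  ed25519.PublicKey
	RootSig []byte
}

// tbs returns the bytes the root CA signs.
func (c OperatingCACert) tbs() []byte {
	return append([]byte(c.Name+"\x00"), c.PubKey...)
}

// signedBlob encodes "random number B + operating CA digital certificate".
func signedBlob(nonce []byte, c OperatingCACert) []byte {
	return bytes.Join([][]byte{nonce, c.tbs(), c.RootSig}, nil)
}

var (
	ErrNonce       = errors.New("random number B does not match stored random number A")
	ErrPlatformSig = errors.New("management platform signature invalid")
	ErrRootSig     = errors.New("root CA signature on operating CA certificate invalid")
)

// Subsystem holds the two provisioned public keys and the pending random number A.
type Subsystem struct {
	platformPub ed25519.PublicKey
	rootPub     ed25519.PublicKey
	pending     []byte // random number A, valid for one attempt
	Installed   *OperatingCACert
}

// BeginDownload is step (1): generate and store random number A, return a copy to send.
func (s *Subsystem) BeginDownload() ([]byte, error) {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	s.pending = n
	return append([]byte(nil), n...), nil
}

// Install is steps (3)-(7): nonce match, platform signature, then root CA signature.
func (s *Subsystem) Install(nonceB []byte, cert OperatingCACert, platformSig []byte) error {
	a := s.pending
	s.pending = nil // consume A so a captured response cannot be replayed
	if a == nil || !bytes.Equal(a, nonceB) {
		return ErrNonce
	}
	if !ed25519.Verify(s.platformPub, signedBlob(nonceB, cert), platformSig) {
		return ErrPlatformSig
	}
	if !ed25519.Verify(s.rootPub, cert.tbs(), cert.RootSig) {
		return ErrRootSig
	}
	s.Installed = &cert
	return nil
}

// issueCACert and platformSign play the root CA and the management platform (step 2).
func issueCACert(signer ed25519.PrivateKey, name string) OperatingCACert {
	pub, _, _ := ed25519.GenerateKey(rand.Reader)
	c := OperatingCACert{Name: name, PubKey: pub}
	c.RootSig = ed25519.Sign(signer, c.tbs())
	return c
}
func platformSign(priv ed25519.PrivateKey, nonce []byte, c OperatingCACert) []byte {
	return ed25519.Sign(priv, signedBlob(nonce, c))
}

// Demo runs three constructed cases: fresh response, replayed response, cert not signed by the root CA.
func Demo() (fresh, replay, rogue error) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	platPub, platPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	dev := &Subsystem{platformPub: platPub, rootPub: rootPub}
	n1, _ := dev.BeginDownload()
	cert := issueCACert(rootPriv, "operating-ca-example")
	sig := platformSign(platPriv, n1, cert)
	fresh = dev.Install(n1, cert, sig)
	_, _ = dev.BeginDownload() // new request, new random number A
	replay = dev.Install(n1, cert, sig)
	n3, _ := dev.BeginDownload()
	bad := issueCACert(otherPriv, "unvetted-ca")
	rogue = dev.Install(n3, bad, platformSign(platPriv, n3, bad))
	return
}

func main() { fmt.Println(Demo()) }
```

The third case shows why both signatures are checked: a certificate that the management platform signed is still rejected when the root CA signature on it does not verify.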
5. The digital certificate subsystem according to any one of items 3 and 4 above has the function of generating and establishing, in the digital certificate subsystem, the "asymmetric key pair of a user digital certificate issued by the operating CA", comprising the following steps:
(1) After receiving a "request to generate an asymmetric key pair", the "mobile phone digital certificate subsystem" first generates a random number inside the "mobile phone digital certificate subsystem" and temporarily stores it (abbreviated as random number A), and at the same time sends the random number to the "digital certificate management subsystem platform";
(2) The "digital certificate management subsystem platform" receives the above random number (abbreviated as random number B), then applies its authentication signature to "random number B + operating CA digital certificate", and then sends "the request to generate an asymmetric key pair, 'random number B + operating CA digital certificate' and the 'digital signature of the digital certificate management subsystem platform' over it" to the "operating CA";
(3) The operating CA receives the above "request to generate an asymmetric key pair, 'random number B + operating CA digital certificate' and the 'digital signature of the digital certificate management subsystem platform' over it" and, as agreed, applies its authentication signature to the received "random number B". It then sends "the request to generate an asymmetric key pair, 'random number B + operating CA digital certificate' and the 'digital signature of the digital certificate management subsystem platform' over it, and 'random number B and the digital signature of the operating CA over it'" to the digital certificate subsystem;
(4) The digital certificate subsystem receives the above "request to generate an asymmetric key pair, 'random number B + operating CA digital certificate' and the 'digital signature of the digital certificate management subsystem platform' over it, and 'random number B and the digital signature of the operating CA over it'";
(5) The "corporate management module" of the mobile phone digital certificate subsystem, as agreed, compares the received "random number B" with the temporarily stored "random number A". If they are consistent, it proceeds to the next step; if they are inconsistent, it terminates and refuses the download;
(6) The "corporate management module" of the mobile phone digital certificate subsystem, as agreed, applies the public key of the "mobile phone digital certificate management subsystem platform" held in the "mobile phone digital certificate subsystem" to decrypt the 'digital signature of the digital certificate management subsystem platform', and verifies the digital signature;
(7) If the digital signature is verified, the "corporate management module" continues with the next step and, as agreed, applies the "public key of the national root CA digital certificate" to verify the received "digital signature of the root CA in the operating CA digital certificate";
(8) If that digital signature is also verified, the "corporate management module" downloads and establishes the "operating CA digital certificate" in the "mobile phone digital certificate subsystem", and proceeds to the next step;
(9) The "corporate management module" of the mobile phone digital certificate subsystem, as agreed, applies the "public key of the operating CA digital certificate" to verify the received "digital signature of the operating CA over random number B";
(10) If that digital signature is also verified, the "corporate management module" starts the "asymmetric key generation process" and generates the asymmetric key pair (private key and public key) of the "mobile phone digital certificate subsystem";
(11) The "corporate management module" of the mobile phone digital certificate subsystem uses the private key of the asymmetric key pair generated above to digitally sign "the public key data generated above + the ID data of the digital certificate subsystem", and then sends it to the "above operating CA", so that the "above operating CA" can issue the user digital certificate based on the "mobile phone digital certificate subsystem".
6th, The digital certificate subsystem according to any one of items 3, 4 and 5 above, which has:
The function of downloading and establishing an SP digital certificate in the digital certificate subsystem, comprising the following steps:
(1) After receiving a "request to download and establish an SP digital certificate", the "mobile phone digital certificate subsystem" first generates a random number inside the "mobile phone digital certificate subsystem" and temporarily stores it (abbreviated as random number A); at the same time, it sends the random number to the "digital certificate management subsystem platform";
(2) The "digital certificate management subsystem platform" receives the "above random number" (abbreviated as random number B); it then applies its authentication signature to "random number B + the SP digital certificate + the digital certificate of the CA that issued the SP digital certificate"; it then sends the "request to download and establish the SP digital certificate, 'random number B + the SP digital certificate + the digital certificate of the CA that issued the SP digital certificate' and its 'digital signature of the digital certificate management subsystem platform'" to the "operation CA";
(3) The digital certificate subsystem receives the above "request to download and establish the SP digital certificate, 'random number B + the SP digital certificate + the digital certificate of the CA that issued the SP digital certificate' and its 'digital signature of the digital certificate management subsystem platform'";
(4) The "corporate management module" of the mobile phone digital certificate subsystem, per the protocol, compares the received "random number B" with the temporarily stored "random number A"; if they match, it proceeds to the next step; if they do not match, it terminates and refuses the download;
(5) The "corporate management module" of the mobile phone digital certificate subsystem, per the protocol, uses the public key of the "mobile phone digital certificate management subsystem platform" held in the "mobile phone digital certificate subsystem" to decrypt the digital signature of the "digital certificate management subsystem platform", and verifies that digital signature;
(6) If this digital signature verification passes, proceed to the next step: the "corporate management module", per the protocol, uses the "public key of the national root CA digital certificate" to verify the received "root CA digital signature in the operation CA digital certificate";
(7) If this digital signature verification also passes, the "corporate management module" downloads and establishes the "operation CA digital certificate" in the "mobile phone digital certificate subsystem", and proceeds to the next step;
(8) The "corporate management module" of the mobile phone digital certificate subsystem, per the protocol, uses the "public key of the operation CA digital certificate" to verify the received "operation CA digital signature in the SP digital certificate";
(9) If this digital signature verification also passes, the "corporate management module" downloads and establishes the SP digital certificate in the "mobile phone digital certificate subsystem".
2nd, Separated digital certificate subsystem host module
The separated digital certificate subsystem host module is typically "packaged in the form of a card" and is therefore called an SDC card; SDC is the abbreviation of Secure Digital Certificate Card.
1st, The present invention provides a "separated digital certificate subsystem host module", which is the main functional module of a digital certificate subsystem that "does not include the 'display panel module of the digital certificate subsystem' but does include the 'processor, memory, I/O interface, software system, encryption/decryption module and key generation module of the digital certificate subsystem'"; it is used to "generate the asymmetric key pair for establishing a digital certificate", to store and use digital certificates, and to perform digital signing;
It is characterized in that: it is structurally separable from the "digital certificate subsystem" and is the "host module of a separated digital certificate subsystem"; it includes an "interface connector of the digital certificate subsystem host module", and the interfaces of this interface connector include the "interface for connection and communication between the 'digital certificate subsystem host module' and the 'interconnected host computer system of the digital certificate subsystem'" and the "connection interface between the 'digital certificate subsystem host module' and the 'output display panel module of the digital certificate subsystem'";
It is further characterized in that: its "display panel module" and the "interface connector that mates with its 'interface connector'" are integrated in the "interconnected host computer system of its digital certificate subsystem"; it connects to and communicates with the "interconnected host computer system of its digital certificate subsystem" through the "mating connector for 'its interface connector' in the 'interconnected host computer system of its digital certificate subsystem'"; at the same time, through that same mating connector, it also connects to "'its display panel module' integrated in the 'interconnected host computer system of its digital certificate subsystem'" and outputs display information data to it;
Wherein, once it is connected to "'its interface connector' in the 'interconnected host computer system of its digital certificate subsystem'", the "interconnected host computer system of its digital certificate subsystem" contains a "complete digital certificate subsystem" and can run applications based on that digital certificate subsystem;
Wherein, the "interconnected host computer system of the digital certificate subsystem" is a "computer system that can connect to and communicate with the digital certificate subsystem and can connect to and communicate with the Internet"; it can be a cell phone system, a tablet computer system, a notebook computer system or another computer system.
2nd, The "digital certificate subsystem host module" described above is further characterized in that: it carries a user input key that is connected directly to the "I/O interface of the SOC of the digital certificate subsystem host module" and can send user commands directly to the digital certificate subsystem host module; this user input key works together with a software function block of the "digital certificate subsystem host module" and can send two user commands, "short press" and "long press"; wherein, when the user input key sends a "short press" command, the software function block reads the binary data command "01XXX" from "the I/O interface register to which the user input key is directly connected", and this command is defined as the "page down in cyclic display mode" command; each time the user "short presses", the display panel module of the digital certificate subsystem turns to the next page in cyclic display mode; wherein, when the user input key sends a "long press" command, the software function block reads the binary data command "00000XXX" from "the I/O interface register to which the user input key is directly connected", and this command is defined as the user's command confirming the digital signature; without this "long press" user command, the digital certificate subsystem will not perform a digital signature.
3rd, The "digital certificate subsystem host module" according to any one of items 1 and 2 above is further characterized in that: it includes a "display management module"; when the "digital certificate subsystem host module" receives "information data for which a digital signature is requested", the "display management module" randomly generates a "prompt for operating the user input key carried by the 'digital certificate subsystem host module'"; the "prompt" and the "'information data for which a digital signature is requested', to be displayed for confirmation" are sent together to the display panel module of the "digital certificate subsystem host module" and shown to the user; after seeing the displayed information, the user must operate the "user input key carried by the 'digital certificate subsystem host module'" as prompted; meanwhile, the "display management module" monitors the user's operation and compares whether the "user's operation" matches the "prompted operation"; if they do not match, the "digital certificate subsystem host module" cannot digitally sign the "information data for which a digital signature is requested".
4th, The "digital certificate subsystem host module" according to any one of items 1, 2 and 3 above is further characterized in that: it includes the "public key of the digital certificate of the digital certificate management subsystem platform", the "public key of the national root CA digital certificate" and a "corporate management module", which are used, in the digital certificate subsystem, to verify and establish digital certificates that carry the dual digital signature of the "digital certificate management subsystem platform and CA" and are jointly managed by them; without the dual digital signature of the "digital certificate management subsystem platform and CA", a digital certificate cannot be established in the digital certificate subsystem; this characteristic makes the digital certificate subsystem host module compatible with "digital certificates issued by each CA", and also more reliable and more secure;
It is further characterized by comprising the following steps:
(1) The "digital certificate subsystem host module" receives a "request to establish a digital certificate in the digital certificate subsystem" together with the dual digital signature of the "digital certificate management subsystem platform and CA";
(2) The "corporate management module" of the "digital certificate subsystem host module", per the protocol, uses the "public key of the digital certificate of the digital certificate management subsystem platform and the public key of the CA digital certificate" in the digital certificate subsystem to verify the "dual digital signature";
(3) If the dual digital signature is verified, the "corporate management module" establishes the "digital certificate" in the "digital certificate subsystem host module";
Wherein, the dual digital signature of the "digital certificate management subsystem platform and CA" can be the dual digital signature of the "digital certificate management subsystem platform and the national root CA", or the dual digital signature of the "digital certificate management subsystem platform and the operation CA";
Wherein, establishing the "digital certificate" can mean "generating, in the digital certificate subsystem host module, the asymmetric key pair for establishing a digital certificate", or "downloading and establishing a digital certificate in the digital certificate subsystem host module".
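The SP certificate download steps of item 6 above, which also exercise the dual-signature rule of item 4 (platform signature plus a CA chain rooted in the pre-installed root key), as an added Python example that is not code from the patent. Textbook RSA over fixed Mersenne primes stands in for the signature algorithm, which the page does not name; the byte encoding of the signed bundle, the single-use handling of random number A, and all class and function names are assumptions.

```python
import hashlib
import secrets
from dataclasses import dataclass

E = 65537  # public exponent shared by every toy key

def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

@dataclass(frozen=True)
class ToyKey:
    """Textbook RSA over fixed primes (assumption): insecure, control flow only."""
    n: int
    d: int = 0  # 0 means "public half only"

    @staticmethod
    def from_primes(p: int, q: int) -> "ToyKey":
        return ToyKey(p * q, pow(E, -1, (p - 1) * (q - 1)))

    def sign(self, data: bytes) -> int:
        return pow(_digest(data, self.n), self.d, self.n)

    def verify(self, data: bytes, sig: int) -> bool:
        return pow(sig, E, self.n) == _digest(data, self.n)

@dataclass(frozen=True)
class Cert:
    subject: str
    pub_n: int
    issuer_sig: int = 0

    def tbs(self) -> bytes:  # the bytes the issuing CA signs
        return f"{self.subject}|{self.pub_n}".encode()

def issue(issuer: ToyKey, subject: str, pub_n: int) -> Cert:
    return Cert(subject, pub_n, issuer.sign(Cert(subject, pub_n).tbs()))

def bundle(nonce: bytes, sp: Cert, ca: Cert) -> bytes:
    """'random number B + SP certificate + issuing CA certificate' (encoding assumed)."""
    return "|".join(map(str, (nonce.hex(), sp, ca))).encode()

class CertSubsystem:
    """Handset side: trusts only the pre-installed platform and root CA public keys."""

    def __init__(self, platform_pub: ToyKey, root_pub: ToyKey):
        self.platform_pub, self.root_pub = platform_pub, root_pub
        self.nonce_a = None
        self.store = {}

    def begin_download(self) -> bytes:                      # step (1)
        self.nonce_a = secrets.token_bytes(16)
        return self.nonce_a

    def finish_download(self, nonce_b: bytes, sp: Cert, ca: Cert, platform_sig: int) -> str:
        nonce_a, self.nonce_a = self.nonce_a, None          # single use (assumption)
        if nonce_a is None or not secrets.compare_digest(nonce_a, nonce_b):
            return "rejected: nonce"                        # step (4)
        if not self.platform_pub.verify(bundle(nonce_b, sp, ca), platform_sig):
            return "rejected: platform signature"           # step (5)
        if not self.root_pub.verify(ca.tbs(), ca.issuer_sig):
            return "rejected: operation CA certificate"     # step (6)
        self.store[ca.subject] = ca                         # step (7)
        if not ToyKey(ca.pub_n).verify(sp.tbs(), sp.issuer_sig):
            return "rejected: SP certificate"               # step (8)
        self.store[sp.subject] = sp                         # step (9)
        return "installed"

def run_cases() -> dict:
    """Drive the flow with constructed keys and certificates; return each outcome."""
    root = ToyKey.from_primes(2**127 - 1, 2**89 - 1)
    platform = ToyKey.from_primes(2**107 - 1, 2**61 - 1)
    op_ca = ToyKey.from_primes(2**607 - 1, 2**521 - 1)
    rogue = ToyKey.from_primes(2**31 - 1, 2**19 - 1)
    ca_cert = issue(root, "operation-CA", op_ca.n)
    sp_cert = issue(op_ca, "SP-example", 0xC0FFEE)          # SP key value is a placeholder
    dev = CertSubsystem(ToyKey(platform.n), ToyKey(root.n))
    out = {}

    n = dev.begin_download()
    sig = platform.sign(bundle(n, sp_cert, ca_cert))
    out["valid"] = dev.finish_download(n, sp_cert, ca_cert, sig)
    out["replay"] = dev.finish_download(n, sp_cert, ca_cert, sig)

    n = dev.begin_download()                                # CA chain valid, platform sig forged
    out["ca_only"] = dev.finish_download(
        n, sp_cert, ca_cert, rogue.sign(bundle(n, sp_cert, ca_cert)))

    bad_ca = issue(rogue, "rogue-CA", rogue.n)              # platform sig valid, chain not rooted
    bad_sp = issue(rogue, "SP-rogue", 0xBAD)
    n = dev.begin_download()
    out["platform_only"] = dev.finish_download(
        n, bad_sp, bad_ca, platform.sign(bundle(n, bad_sp, bad_ca)))
    out["stored"] = sorted(dev.store)
    return out

if __name__ == "__main__":
    for case, result in run_cases().items():
        print(f"{case}: {result}")
```

The `ca_only` and `platform_only` cases show why both signatures are required: either one alone is rejected before anything from the rejected bundle reaches the store.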
3rd, Cell phone system integrating a separated digital certificate subsystem
1st, The present invention provides a cell phone system, including a phone host system and a display system,
It is characterized in that: it includes a digital certificate subsystem, comprising: a digital certificate subsystem host module, a display panel module of the digital certificate subsystem, and a user input module of the digital certificate subsystem;
It is further characterized in that: its "digital certificate subsystem host module" is structurally separable from the "digital certificate subsystem" and is the "host module of a separated digital certificate subsystem"; its "digital certificate subsystem host module" includes an "interface connector of the digital certificate subsystem host module", and the interfaces of this interface connector include the "interface for connection and communication between the 'digital certificate subsystem host module' and the 'interconnected host computer system of the digital certificate subsystem'" and the "connection interface between the 'digital certificate subsystem host module' and the 'output display panel module of the digital certificate subsystem'";
It is further characterized in that: the "display panel module of the digital certificate subsystem" and the "interface connector that mates with the 'interface connector of the digital certificate subsystem host module'" are integrated in the cell phone system; the "digital certificate subsystem host module" connects to and communicates with the "interconnected host computer system of the digital certificate subsystem" through the "mating connector for the 'interface connector of the digital certificate subsystem host module' in the 'interconnected host computer system of the digital certificate subsystem'"; at the same time, through that same mating connector, the "digital certificate subsystem host module" also connects to the "'display panel module of the digital certificate subsystem' integrated in the 'interconnected host computer system of the digital certificate subsystem'" and outputs display information data to it;
Wherein, once the "separated digital certificate subsystem host module" is connected to the "'interface connector of the digital certificate subsystem host module' in the cell phone system", the cell phone system contains a "complete digital certificate subsystem" and can run applications based on that digital certificate subsystem.
2nd, The cell phone system described above is further characterized in that: it includes a "display panel module shared by the cell phone system host module and its digital certificate subsystem host module";
Wherein, the "shared display panel module" is connected through a "display link selector switch module" to the "display output link of the cell phone system host module" and to the "display output link of the separated digital certificate subsystem host module" respectively; the "display link selector switch module" includes a "control signal line of the display link selector switch", and this switch control signal is routed to the "interface connector of the separated digital certificate subsystem host module" in the cell phone system; once the "separated digital certificate subsystem host module" is connected to the "interface connector of the separated digital certificate subsystem host module of the cell phone system", the switch control signal is connected to the "separated digital certificate subsystem host module", which controls its state; by configuring the state of this switch control signal, the "separated digital certificate subsystem host module" controls the "display link selector switch module" in the cell phone system and thereby controls whether the "shared display panel module" is connected to the "display output link of the cell phone system host module" or to the "display output link of the separated digital certificate subsystem host module"; at the same time, when no "separated digital certificate subsystem host module" is connected to the "interface connector of the separated digital certificate subsystem host module" in the cell phone system, the default state of the "control signal line of the display link selector switch" connects the "display output link of the cell phone system host module".
3rd, The cell phone system according to any one of items 1 and 2 above is further characterized in that: it includes a "user input module shared by the cell phone system host module and its digital certificate subsystem host module";
Wherein, the "shared user input module" is connected through a "selector switch module" to the "user input link of the cell phone system host module" and to the "user input link of the separated digital certificate subsystem host module" respectively; the "selector switch module" includes a "control signal line of the selector switch", and this switch control signal is routed to the "interface connector of the separated digital certificate subsystem host module" in the cell phone system; once the "separated digital certificate subsystem host module" is connected to the "interface connector of the separated digital certificate subsystem host module of the cell phone system", the switch control signal is connected to the "separated digital certificate subsystem host module", which controls its state; by configuring the state of this switch control signal, the "separated digital certificate subsystem host module" controls the "selector switch module" in the cell phone system and thereby controls whether the "shared user input module" is connected to the "user input link of the cell phone system host module" or to the "user input link of the separated digital certificate subsystem host module"; at the same time, when no "separated digital certificate subsystem host module" is connected to the "interface connector of the separated digital certificate subsystem host module" in the cell phone system, the default state of the "control signal line of the selector switch" connects the "user input link of the cell phone system host module".
4th, The cell phone system according to any one of items 1, 2 and 3 above is further characterized in that: the interfaces of its "interface connector of the separated digital certificate subsystem host module" include, and are simultaneously compatible with, the interface of the MICRO SD card SPI mode; when a MICRO SD card is inserted as required into the "interface connector of the separated digital certificate subsystem host module" of the cell phone system, the cell phone system can read and write the MICRO SD card normally in MICRO SD card SPI mode; once the "separated digital certificate subsystem host module" is connected to the "interface connector of the separated digital certificate subsystem host module of the cell phone system", the MICRO SD card SPI mode compatible interface in that "interface connector of the separated digital certificate subsystem host module" is used for connection and communication between the "separated digital certificate subsystem host module" and the "cell phone system host module".
5th, The cell phone system according to any one of items 1 and 4 above is further characterized in that: it includes a "user input module shared by the cell phone system host module and the separated digital certificate subsystem host module" and a "dedicated display panel module of the separated digital certificate subsystem host module"; at the same time, the interfaces of its "interface connector of the separated digital certificate subsystem host module" include an I2C communication interface and a "selector switch module" control signal interface;
Wherein, the "shared user input module" is connected through a "selector switch module" to the "user input link of the cell phone system host module" and to the "user input link of the separated digital certificate subsystem host module" respectively; the "selector switch module" includes a "control signal line of the selector switch", and this switch control signal is routed to the "interface connector of the separated digital certificate subsystem host module" in the cell phone system; once the "separated digital certificate subsystem host module" is connected to the "interface connector of the separated digital certificate subsystem host module of the cell phone system", the switch control signal is connected to the "separated digital certificate subsystem host module", which controls its state; by configuring the state of this switch control signal, the "separated digital certificate subsystem host module" controls the "selector switch module" in the cell phone system and thereby controls whether the "shared user input module" is connected to the "user input link of the cell phone system host module" or to the "user input link of the separated digital certificate subsystem host module"; at the same time, when no "separated digital certificate subsystem host module" is connected to the "interface connector of the separated digital certificate subsystem host module" in the cell phone system, the default state of the "control signal line of the selector switch" connects the "user input link of the cell phone system host module";
Wherein, the "dedicated display panel module of the separated digital certificate subsystem host module" has an I2C communication interface, which is connected to the I2C communication interface in the "interface connector of the separated digital certificate subsystem host module" of the cell phone system; once the "separated digital certificate subsystem host module" is connected to the "interface connector of the separated digital certificate subsystem host module of the cell phone system", the "separated digital certificate subsystem host module" outputs display information data to the "dedicated display panel module of the separated digital certificate subsystem host module" through the I2C interface in the "interface connector of the separated digital certificate subsystem host module";
4th, Mobile phone SOC with an SIS security identification subsystem
A "mobile phone integrating a separated digital certificate subsystem" can use a "mobile phone SOC integrating an SIS security identification subsystem" to implement the "registration certification of the simple hardware circuits of the digital certificate subsystem display module and user input module integrated in the mobile phone".
1st, The mobile phone SOC with an SIS security identification subsystem is characterized in that:
1) The SIS security identification subsystem in the mobile phone SOC is a computer subsystem, certified by a third-party certification body, that has the software and hardware functions of a digital certificate subsystem; it includes the "public key of the SOC information management platform" and the "establishment management module of the SOC identification key", which is used to manage "generating an asymmetric key pair (private key and public key) inside the SIS security identification subsystem";
Wherein, the generated private key is stored only in the SIS security identification subsystem, cannot be exported, and serves as the identification mark of the SOC;
Wherein, the generated public key can be exported and is stored in the SOC information database in association with the ID data of the SOC, for identifying and authenticating the SOC;
Wherein, the method of "generating an asymmetric key pair (private key and public key) inside the SIS security identification subsystem" is the same as in the prior art and is not described further;
2) Although the SIS security identification subsystem in the mobile phone SOC has the functions of a digital certificate subsystem, it is used here only to identify the SOC, so it is not a commercial encryption product and is not restricted by commercial cipher specifications;
3) The I/O circuit modules and functions of the mobile phone SOC are certified by a third-party certification body and are fully disclosed. Based on the fully disclosed functions of the SOC's I/O circuit modules, inspection software can be designed to carry out security certification testing of the "simple hardware circuits and functions of the digital certificate subsystem display module and user input module integrated in the mobile phone";
4) The "identification private key in the SIS security identification subsystem of the mobile phone SOC" is unique and cannot be copied; at the same time, the mobile phone SOC is highly complex and also difficult to copy; therefore, after an "SOC integrated in a mobile phone" has passed through any intermediate sales links, the "'public key matching the identification private key of the SOC's SIS security identification subsystem' and the SOC ID data in the SOC information database" can be used to identify and authenticate the "SOC in the mobile phone".
2nd, The approach and method for using the functions of the mobile phone SOC to carry out security certification testing of the "simple hardware circuits and functions of the digital certificate subsystem display module and user input module integrated in the mobile phone" are described below and are kept brief here.
5th, Method for registration certification of the "separated digital certificate subsystem", and its registration certification system.
Because the "separated mobile phone digital certificate subsystem host module" is independently designed, produced and sold in accordance with the national commercial cipher specifications and does not need to be registered and certified again, the "registration certification of the separated digital certificate subsystem integrated in the mobile phone" reduces to the "registration certification of the simple hardware circuits of the digital certificate subsystem display module and user input module integrated in the mobile phone";
1st, A method for registration certification of the "separated digital certificate subsystem", whose approach includes:
1) Design a "registration certification system for the separated digital certificate subsystem (abbreviated MST; MST is the abbreviation of Test Tool of Mobile safety subsystem)" to carry out registration certification of the "simple hardware circuits of the digital certificate subsystem display module and user input module integrated in the mobile phone"; the MST is a computer system with digital certificate subsystem functions and has its own private key and digital certificate; the MST includes an "SOC information database" and a "detection module for the separated digital certificate subsystem (abbreviated MST detection module)"; the "MST detection module" can be sent to the "cell phone system integrating a separated digital certificate subsystem (abbreviated MS)", downloaded and established in that cell phone system, and started there to carry out the detection operation and feed the detection result back to the MST;
In particular, the MST detection module has anti-counterfeiting characteristics: each time the MST sends an MST detection module to the MS, its function is unchanged but its data structure varies randomly, and the format of the data it feeds back to the MST after running the detection is also encrypted and varies randomly; if the MS does not execute this MST detection module, the MST will not obtain detection feedback information in the correct format within the time limit and can judge that the detection has failed;
The MST's test report on the "digital certificate subsystem display module and user input module integrated in the mobile phone" is digitally signed with the MST's private key before being output;
2) Design a "separated digital certificate subsystem host module that includes a certification detection module (abbreviated SDC detection card)", for testing the "digital certificate subsystem display module and user input module integrated in the mobile phone";
3) In the "mobile phone integrating a separated digital certificate subsystem (abbreviated MS)", design a "registration certification management module", used to manage "downloading and establishing in the cell phone system the detection module from the 'registration certification system of the separated digital certificate subsystem (abbreviated MST)', and starting that detection module to carry out detection operations on the 'display panel module and user input module of the separated digital certificate subsystem integrated in the mobile phone'";
4) The above three parts work together and, using the following method for registration certification of the "separated digital certificate subsystem", realize registration testing and certification of the "simple hardware circuits of the digital certificate subsystem display module and user input module integrated in the mobile phone".
2nd, A method for registration certification of the "separated digital certificate subsystem", for carrying out security certification testing of the "simple hardware circuits and functions of the digital certificate subsystem display module and user input module integrated in the mobile phone", comprising the following steps:
1) The "registration certification system of the separated digital certificate subsystem" (hereinafter MST) is connected to the "mobile phone integrating a separated digital certificate subsystem" (hereinafter MS); at the same time, the "separated digital certificate subsystem host module that includes a certification detection module" (hereinafter SDC detection card) is also connected to the mobile phone;
2) On the MS, the user starts its "registration certification management module of the separated digital certificate subsystem" and sends a "registration certification request" to the MST;
3) After receiving the "registration certification request of the MS", the MST sends the MST detection module to the MS;
4) The "registration certification management module" of the MS downloads and establishes in the MS the detection module sent by the MST, and starts running it;
5) The MST detection module running in the MS first tests the SOC of the MS, comprising the following steps:
(1) The MST detection module sends an "authentication request" to the SIS security identification subsystem in the SOC;
(2) The SIS security identification subsystem in the SOC generates a random number internally; it then uses its private key to digitally sign "the SOC ID data + the random number"; it then feeds "the SOC ID data + the random number" and the digital signature back to the MST detection module in the MS;
(3) The MST detection module in the MS then feeds "the SOC ID data + the random number" and the digital signature back to the MST;
(4) Using the "SOC ID data", the MST searches the "SOC information database" and reads the matching public key; it then uses this public key to decrypt and verify the received "digital signature made with the private key of the SOC's SIS security identification subsystem";
(5) If verification passes, the SOC in the MS is authenticated successfully; the MST then notifies the MST detection module in the MS to continue testing; if verification does not pass, the MST judges that the detection has failed;
6) The MST detection module in the MS receives the "MST authenticated the SOC successfully" message and continues testing;
7) The MST detection module in the MS sends the "SDC detection card" in the MS the "command to start testing the 'simple hardware circuits and functions of the digital certificate subsystem display module and user input module integrated in the mobile phone'";
8) After receiving the above command, the "SDC detection card" in the MS starts running the "detection module in the SDC detection card", comprising the following steps:
(1) The "detection module in the SDC detection card" first confirms that the "digital certificate subsystem display module and user input module integrated in the mobile phone" are set to the mode in which they are directly connected to the "SDC detection card";
(2) The "detection module in the SDC detection card" sends to the "digital certificate subsystem display panel module integrated in the mobile phone" the "information specifying which user input key connected to the 'digital certificate subsystem user input module integrated in the mobile phone' is to be operated"; the "certification personnel" carry out the "specified actual operation" according to the displayed information; meanwhile, the "detection module of the SDC detection card" monitors whether the "actual operation of the certification personnel" matches the "prompted operation";
(3) If the above "actual operation" matches the "prompted operation", the "detection module of the SDC detection card" goes on to display the next "prompt specifying an operation" and repeats the previous step (2), until all "user input keys connected to the 'digital certificate subsystem user input module integrated in the mobile phone'" have been tested and verified;
(4) If all the above tests pass, this proves that the "digital certificate subsystem display module integrated in the mobile phone" can normally display the display information output by the "SDC detection card", and that the "digital certificate subsystem user input module integrated in the mobile phone" can perform normal user command input to the "SDC detection card";
(5) The "detection module in the SDC detection card" must also go on to test and prove that: when the "'digital certificate subsystem display module and user input module integrated in the mobile phone' are set to the mode directly connected to the 'SDC detection card'", no related combination of outputs from the "I/O output function blocks of the mobile phone SOC" affects the "display information of the digital certificate subsystem display panel module integrated in the mobile phone" or the "user input information of the SDC detection card";
(6) When the "'digital certificate subsystem display module and user input module integrated in the mobile phone' are set to the mode directly connected to the 'SDC detection card'", the "detection module in the SDC detection card" configures and outputs specific display information, whose changes are monitored by the certification personnel; meanwhile, the "detection module in the SDC detection card" is configured to keep monitoring the "state of 'each interface register of the SDC detection card' connected to the 'digital certificate subsystem user input module integrated in the mobile phone'"; then, the "detection module in the SDC detection card" requests
" the MST detection modules in MS ", starts and performs its " functional device of traversal SOC correlation I/O output combinations ";
(7)" the MST detection modules in MS " receives above-mentioned request, starts and performs its " functional device of traversal SOC correlation I/O outputs ", exports " the various combinations of the physical layer state of mobile phone SOC correlation I/O output interfaces ";Meanwhile, " certification personnel " keep whether monitoring " customizing messages that the digital certificate subsystem display panel module being integrated in mobile phone shows " changesMeanwhile, " detection module in SDC detection cards " keeps whether monitoring " state of ' each interface register of SDC detection cards ' of ' the digital certificate Subsystem subscribers input module being integrated in mobile phone ' connection " changes
(8)If during " the MST detection modules in MS " performs its " functional device of traversal SOC correlation I/O outputs ", and " completing until performing ", " certification personnel " monitoring " customizing messages that the digital certificate subsystem display panel module being integrated in mobile phone shows " is not changed in and " detection module in SDC detection cards " monitoring " state of ' each interface register of SDC detection cards ' of ' the digital certificate Subsystem subscribers input module being integrated in mobile phone ' connection " is also not changed in, then illustrate:Any correlation combiner output of " the I/O output function blocks of mobile phone SOC ", all without to " being integrated in the display information of the digital certificate subsystem display panel module in mobile phone ", and " the user input information of SDC detection cards " has an impact;Then authentication checks pass through;If above-mentioned monitoring finds to change, detection failure;
9)" the MST detection modules in MS ", by above-mentioned testing result, feeds back on request MST;
10)If MST is according to the testing result of feedback, judge that detection passes through;Meanwhile, " link of certification monitored by personnel " also all normal through, then can determine that " digital certificate subsystem display module and user input module in the mobile phone " registration detection certification pass through;Then " integrated can associate in the mobile phone ' separated digital certificate subsystem host module ' ";Then the mobile phone can have complete digital certificate subsystem, and set up based on all kinds of quadrature digital up-converters of digital certificate subsystem.
It should be noted that the above registration and certification method for the "separated digital certificate subsystem" includes steps in which "certification personnel" manually operate, monitor and judge, and is not the optimal scheme; in practical applications, fully automated certification detection can be achieved by designing an "automatic test fixture"; because there is a lot of content, it is not described further here.
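The isolation check of steps (5) to (8), with the human observer replaced by readback as the note on an automatic test fixture suggests, can be modelled as follows. This is an added example, not code from the patent: the board model, the ctl levels, the count of four SOC lines, the display readback and the `leaky_line` fault are all assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import product
from typing import List, Optional, Tuple

# Assumed ctl levels: pull-up R1 yields HOST when no card drives the line.
SDC_DIRECT, HOST = 0, 1


@dataclass
class PhoneBoardModel:
    """Constructed model of the shared display/key wiring behind the selector switch."""
    n_soc_lines: int = 4               # SOC I/O outputs that reach the switch (assumed count)
    leaky_line: Optional[int] = None   # constructed fault: this SOC line bypasses the switch
    card_present: bool = False
    card_ctl: int = SDC_DIRECT         # level an inserted card drives onto ctl
    card_display: str = ""             # text the card writes to the display
    soc_levels: Tuple[int, ...] = ()   # current state of the SOC I/O outputs

    def ctl(self) -> int:
        # With no card in the slot nothing drives ctl, so R1 pulls it to HOST.
        return self.card_ctl if self.card_present else HOST

    def _leaking(self) -> bool:
        return (self.leaky_line is not None
                and len(self.soc_levels) > self.leaky_line
                and self.soc_levels[self.leaky_line] == 1)

    def display_shown(self) -> str:
        """What an observer (or a readback path) sees on the shared display."""
        if self.ctl() == HOST:
            return "HOST:" + "".join(str(b) for b in self.soc_levels)
        return self.card_display + ("#" if self._leaking() else "")

    def card_key_register(self) -> int:
        """Card-side interface register; keys stay released during the traversal."""
        if self.ctl() == SDC_DIRECT and self._leaking():
            return 1 << self.leaky_line
        return 0


def isolation_check(board: PhoneBoardModel,
                    pattern: str = "SDC-CHECK-0123") -> Tuple[bool, List[tuple]]:
    """Run steps (5)-(8): returns (passed, [(soc_levels, observed), ...])."""
    # Step (6): card takes the direct-connection mode and shows a fixed pattern.
    board.card_present = True
    board.card_ctl = SDC_DIRECT
    board.card_display = pattern
    expected = (pattern, 0)            # display unchanged, no key bits set

    failures = []
    # Step (7): traverse every combination of the SOC I/O output states.
    for levels in product((0, 1), repeat=board.n_soc_lines):
        board.soc_levels = levels
        observed = (board.display_shown(), board.card_key_register())
        # Step (8): any change on the display or in the register is a failure.
        if observed != expected:
            failures.append((levels, observed))
    return (not failures, failures)


if __name__ == "__main__":
    for name, board in (("clean board", PhoneBoardModel()),
                        ("board with leaking line 2", PhoneBoardModel(leaky_line=2))):
        passed, failures = isolation_check(board)
        print(name, "PASS" if passed else "FAIL", "-", len(failures), "bad combinations")
        for levels, observed in failures[:2]:
            print("   SOC outputs", levels, "->", observed)
```
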
6. The interconnected host computer system of the mobile phone digital certificate subsystem
The "separated digital certificate subsystem" provided by the present invention was originally designed for mobile phone digital certificate applications and is therefore also called the "mobile phone digital certificate subsystem"; but it is in fact a general-purpose digital certificate subsystem; it can be integrated in a mobile phone system, and also in various computer systems such as tablet computers, notebook computers and server systems.
The "interconnected host computer system of the mobile phone digital certificate subsystem" of the present invention is a computer system that can connect to and communicate with the "mobile phone digital certificate subsystem" and can also connect to and communicate with the Internet; it can be a mobile phone system, a tablet computer system, a notebook computer system or another computer system.
Beneficial effect:
The mobile phone digital certificate subsystem and its system and method provided by the present invention solve the problems present in existing digital certificate technology: the "registration and certification of a digital certificate subsystem integrated in the mobile phone" is reduced to the easily achieved "registration and certification of the simple hardware circuits of the digital certificate subsystem display module and user input module integrated in the mobile phone", so that the digital certificate subsystem can be integrated in mobile phones at low cost and applied widely; at the same time it is compatible with "applications of the digital certificates issued by each CA"; and it is more reliable and more secure.
Description of the drawings
Fig. 1 is a schematic diagram of the mobile phone system, the separated digital certificate subsystem and its host module (SDC card) of Embodiment 1 of the present invention.
Fig. 2 is a schematic diagram of the mobile phone system, the separated digital certificate subsystem and its host module (SDC card) of Embodiment 2 of the present invention.
Fig. 3 is a schematic diagram of the mobile phone system, the separated digital certificate subsystem and its host module (SDC card) of Embodiment 3 of the present invention.
Specific embodiment
Several specific embodiments are given below with reference to the accompanying drawings.
Embodiment 1:
Referring to Fig. 1, the mobile phone system of Embodiment 1 of the present invention includes a separated digital certificate subsystem; the host module of the separated digital certificate subsystem (abbreviated: SDC card) carries its own user input key K1 and is structurally separable from the mobile phone system; the "display panel module of the separated digital certificate subsystem" (abbreviated: SDC card display panel module) is integrated in the mobile phone system;
The SDC card connects to and communicates with the mobile phone system through an interface connector (SDC card slot), through which it is also connected to the "SDC card display panel module" integrated on the mobile phone; its connector interface is compatible with the SD card interface in SPI mode (i.e. pins 2 to 7 of its connector interface have the same functions as pins 2 to 7 of the SD card interface); pins 1 and 8 of its connector interface are defined by design as the scl clock line and sda data line of an I2C interface, used to connect the "SDC card display panel module with an I2C interface"; the SDC card outputs display data over the I2C interface to the "SDC card display panel module integrated on the mobile phone";
The user input key K1 carried by the SDC card is connected directly to the "I/O interface of the SOC of the SDC card" and can send user commands directly to the digital certificate subsystem host module; in cooperation with the software function block of the "digital certificate subsystem host module", the user input key can send two user commands, "short press" and "long press"; when the user input key sends a "short press" command, the software function block reads the binary data command "01XXX" in the "I/O interface register to which the user input key is directly connected", and this command is defined as the "page down in cyclic display mode" command; each time the user performs a "short press", the display panel module of the digital certificate subsystem turns to the next page in cyclic display mode; when the user input key sends a "long press" command, the software function block reads the binary data command "00000XXX" in the "I/O interface register to which the user input key is directly connected", and this command is defined as the "user confirms the digital signature" command; without this "long press" user command, the digital certificate subsystem will not perform a digital signature.
Embodiment 2:
Referring to Fig. 2, the mobile phone system of Embodiment 2 of the present invention includes a separated digital certificate subsystem; the host module of the separated digital certificate subsystem (abbreviated: SDC card) is structurally separable from the mobile phone system; the "display panel module of the separated digital certificate subsystem" (abbreviated: SDC card display panel module) and the user input module (K1-K4) are integrated in the mobile phone system;
The SDC card connects to and communicates with the mobile phone system through an interface connector (SDC card slot), through which it is also connected to the "SDC card display panel module" integrated on the mobile phone; its connector interface is compatible with the SD card interface in SPI mode (i.e. pins 2 to 7 of its connector interface have the same functions as pins 2 to 7 of the SD card interface); pins 8 and 9 of its connector interface are defined by design as the scl clock line and sda data line of an I2C interface, used to connect the "SDC card display panel module with an I2C interface"; at the same time, the I2C interface signals are also connected in parallel to an "I2C expansion I/O circuit module", whose 4 expanded I/O interfaces are connected to the "selector switch circuit module" and, through the "selector switch circuit module", to the 4 user input keys (K1-K4);
Pin 1 of the SDC card interface connector is defined by design as the ctl control signal line of the "selector switch circuit"; the ctl control signal is configured and output by the SDC card;
The "user input module of the SDC card integrated in the mobile phone (K1-K4)" is a "shared user input module": through the "selector switch module" it is connected to both the "user input link of the mobile phone system host module" and the "user input link of the SDC card"; the "selector switch module" includes a "selector switch control signal circuit", and the switch control signal is wired to the "SDC card interface connector" in the mobile phone system; once the SDC card is connected to the "SDC card interface connector of the mobile phone system", the switch control signal is connected to the SDC card and its state is controlled by the SDC card; by configuring the state of the switch control signal, the SDC card controls the "selector switch module" in the mobile phone system, and thereby controls whether the "shared user input module" is attached to the "user input link of the mobile phone system host module" or to the "user input link of the SDC card"; meanwhile, when no SDC card is connected to the "SDC card interface connector in the mobile phone system", the "selector switch control signal circuit" is pulled high by the resistor R1 circuit, so that by default it is in the state that connects the "user input link of the mobile phone system host module".
Embodiment 3:
Referring to Fig. 3, the mobile phone system of Embodiment 3 of the present invention includes a separated digital certificate subsystem; the host module of the separated digital certificate subsystem (abbreviated: SDC card) is structurally separable from the mobile phone system; the "display panel module of the separated digital certificate subsystem" (abbreviated: SDC card display panel module) and the user input module (K1-K4) are integrated in the mobile phone system;
The SDC card connects to and communicates with the mobile phone system through the USB interface circuit in the interface connector (SDC card slot);
The SDC card is connected to the "display panel module" integrated on the mobile phone through the HDMI circuit in the interface connector (SDC card slot);
Through the scl clock line and sda data line of the I2C interface in the interface connector (SDC card slot), the SDC card is connected to an "I2C expansion I/O circuit module", whose 4 expanded I/O interfaces are connected to the "selector switch circuit module" and, through the "selector switch circuit module", to the 4 user input keys (K1-K4);
The SDC card interface connector also has 1 ctl control signal pin for the "selector switch circuit"; the ctl control signal is configured and output by the SDC card;
The "display panel module of the SDC card integrated in the mobile phone" is a "shared display panel module": through the "selector switch module of the display link" it is connected to both the "display output link of the mobile phone system host module" and the display output link of the SDC card; the "selector switch module of the display link" includes a "control signal circuit of the display link selector switch", and the switch control signal is wired to the "interface connector of the SDC card in the mobile phone system"; once the SDC card is connected to the "SDC card interface connector of the mobile phone system", the switch control signal is connected to the SDC card and its state is controlled by the SDC card; by configuring the state of the switch control signal, the SDC card controls the "selector switch module of the display link" in the mobile phone system, and thereby controls whether the "shared display panel module" is attached to the "display output link of the mobile phone system host module" or to the display output link of the SDC card; meanwhile, when no SDC card is connected to the "SDC card interface connector in the mobile phone system", the "control signal circuit of the display link selector switch" is pulled high by the resistor R1 circuit, so that by default it is in the state that connects the "display output link of the mobile phone system host module";
The "user input module of the SDC card integrated in the mobile phone (K1-K4)" is a "shared user input module": through the "selector switch module" it is connected to both the "user input link of the mobile phone system host module" and the "user input link of the SDC card"; the "selector switch module" includes a "selector switch control signal circuit", and the switch control signal is wired to the "SDC card interface connector" in the mobile phone system; once the SDC card is connected to the "SDC card interface connector of the mobile phone system", the switch control signal is connected to the SDC card and its state is controlled by the SDC card; by configuring the state of the switch control signal, the SDC card controls the "selector switch module" in the mobile phone system, and thereby controls whether the "shared user input module" is attached to the "user input link of the mobile phone system host module" or to the "user input link of the SDC card"; meanwhile, when no SDC card is connected to the "SDC card interface connector in the mobile phone system", the "selector switch control signal circuit" is pulled high by the resistor R1 circuit, so that by default it is in the state that connects the "user input link of the mobile phone system host module".
In summary, the technical scheme provided by the present invention can solve the problems present in existing digital certificate technology, so that the digital certificate subsystem can be integrated in mobile phones at low cost and applied widely; at the same time it is compatible with "applications of the digital certificates issued by each CA"; and it is more reliable and more secure; beneficial effects can thus be obtained.

Claims (10)

1. The present invention provides a mobile phone digital certificate subsystem, comprising: a digital certificate subsystem host module, a display panel module of the digital certificate subsystem and a user input module of the digital certificate subsystem; characterized in that: its "digital certificate subsystem host module" is structurally separable from the "digital certificate subsystem" and is a "host module of a separated digital certificate subsystem"; its "digital certificate subsystem host module" includes an "interface connector of the digital certificate subsystem host module", and the interfaces of this interface connector include the "interface for connection and communication between the 'digital certificate subsystem host module' and the 'interconnected host computer system of the digital certificate subsystem'" and the "interface connecting the 'digital certificate subsystem host module' to the 'output display panel module of the digital certificate subsystem'";
It is further characterized in that: the "display panel module of the digital certificate subsystem" and the "interface connector that mates with the 'interface connector of the digital certificate subsystem host module'" are integrated in the "interconnected host computer system of the digital certificate subsystem";
Wherein the "digital certificate subsystem host module" connects to and communicates with the "interconnected host computer system of the digital certificate subsystem" through the mating connector, located in that interconnected host computer system, for the "interface connector of the digital certificate subsystem host module"; at the same time, through the same mating connector, the "digital certificate subsystem host module" is also connected to the "display panel module of the digital certificate subsystem" integrated in the "interconnected host computer system of the digital certificate subsystem", and outputs display information data to it;
Wherein, once the "separated digital certificate subsystem host module" is connected to the mating connector, in the "interconnected host computer system of the digital certificate subsystem", for the "interface connector of the digital certificate subsystem host module", the "interconnected host computer system of the digital certificate subsystem" includes a "complete digital certificate subsystem" and can run applications based on the digital certificate subsystem;
Wherein the "interconnected host computer system of the digital certificate subsystem" is a "computer system that can connect to and communicate with the digital certificate subsystem and can also connect to and communicate with the Internet"; it can be a mobile phone system, a tablet computer system, a notebook computer system or another computer system.
2. The digital certificate subsystem as claimed in claim 1, further characterized in that: it includes the "public key of the digital certificate of the digital certificate management subsystem platform", the "public key of the national root CA digital certificate" and a "corporate management module", which are used, within the digital certificate subsystem, to verify and establish digital certificate applications that are jointly managed through the dual digital signature of the "digital certificate management subsystem platform and the CA"; without the dual digital signature of the "digital certificate management subsystem platform and the CA", a digital certificate application cannot be established in the digital certificate subsystem; it is characterized by including the following steps:
(1) The "digital certificate subsystem" receives the "request to establish a digital certificate application in the digital certificate subsystem" together with the "dual digital signature of the digital certificate management subsystem platform and the CA";
(2) The "corporate management module" of the "digital certificate subsystem" verifies the "dual digital signature" according to the protocol, using the "public key of the digital certificate of the digital certificate management subsystem platform and the public key of the CA digital certificate" held in the digital certificate subsystem;
(3) If the dual digital signature is verified, the "corporate management module" establishes the "digital certificate application" in the "digital certificate subsystem";
Wherein the dual digital signature of the "digital certificate management subsystem platform and the CA" can be the dual digital signature of the "digital certificate management subsystem platform and the national root CA", or the dual digital signature of the "digital certificate management subsystem platform and an operating CA";
Wherein the "digital certificate application" can be "generating, in the digital certificate subsystem, the asymmetric key pair for establishing a digital certificate", or "downloading and establishing a digital certificate in the digital certificate subsystem".
3. The present invention provides a "mobile phone digital certificate subsystem host module", which is the main functional module of a digital certificate subsystem that does not include the "display panel module of the digital certificate subsystem" but does include the "processor, memory, I/O interfaces and software system of the digital certificate subsystem, together with the encryption/decryption module and the key generation module"; it is used to "generate the asymmetric key pair for establishing a digital certificate", to store and apply digital certificates, and to perform digital signatures;
It is characterized in that: it is structurally separable from the "digital certificate subsystem" and is a "host module of a separated digital certificate subsystem"; it includes an "interface connector of the digital certificate subsystem host module", and the interfaces of this interface connector include the "interface for connection and communication between the 'digital certificate subsystem host module' and the 'interconnected host computer system of the digital certificate subsystem'" and the "interface connecting the 'digital certificate subsystem host module' to the 'output display panel module of the digital certificate subsystem'";
It is further characterized in that: its "display panel module" and the "interface connector that mates with its 'interface connector'" are integrated in the "interconnected host computer system of its digital certificate subsystem"; it connects to and communicates with the "interconnected host computer system of its digital certificate subsystem" through the mating connector for its interface connector located in that interconnected host computer system; at the same time, through the same mating connector, it is also connected to its display panel module integrated in the "interconnected host computer system of its digital certificate subsystem", and outputs display information data to it;
Wherein, once it is connected to the mating connector for its interface connector in the "interconnected host computer system of its digital certificate subsystem", the "interconnected host computer system of its digital certificate subsystem" includes a "complete digital certificate subsystem" and can run applications based on the digital certificate subsystem;
Wherein the "interconnected host computer system of the digital certificate subsystem" is a "computer system that can connect to and communicate with the digital certificate subsystem and can also connect to and communicate with the Internet"; it can be a mobile phone system, a tablet computer system, a notebook computer system or another computer system.
4. The "digital certificate subsystem host module" as claimed in claim 3, further characterized in that: it carries its own user input key, which is connected directly to the "I/O interface of the SOC of the digital certificate subsystem host module" and can send user commands directly to the digital certificate subsystem host module; it is further characterized in that: it includes a "display management module"; when the "digital certificate subsystem host module" receives "information data for which a digital signature is requested", the "display management module" randomly generates a "prompt to operate the user input key carried by the 'digital certificate subsystem host module'"; the "prompt" and the "information data for which a digital signature is requested", which is to be displayed for confirmation, are sent together to the display panel module of the "digital certificate subsystem host module" and shown to the user; after seeing the displayed information, the user must operate the "user input key carried by the 'digital certificate subsystem host module'" as prompted; meanwhile, the "display management module" monitors the user's operation and compares whether the "operation of the user" is consistent with the "prompted operation"; if they are inconsistent, the "digital certificate subsystem host module" cannot digitally sign the "information data for which a digital signature is requested".
5. A mobile phone system provided by the present invention, including a mobile phone host system and a display system, characterized in that: it includes a digital certificate subsystem, which includes: a digital certificate subsystem host module, a display panel module of the digital certificate subsystem and a user input module of the digital certificate subsystem;
It is further characterized in that: its "digital certificate subsystem host module" is structurally separable from the "digital certificate subsystem" and is a "host module of a separated digital certificate subsystem"; its "digital certificate subsystem host module" includes an "interface connector of the digital certificate subsystem host module", and the interfaces of this interface connector include the "interface for connection and communication between the 'digital certificate subsystem host module' and the 'interconnected host computer system of the digital certificate subsystem'" and the "interface connecting the 'digital certificate subsystem host module' to the 'output display panel module of the digital certificate subsystem'";
It is further characterized in that: the "display panel module of the digital certificate subsystem" and the "interface connector that mates with the 'interface connector of the digital certificate subsystem host module'" are integrated in the mobile phone system; the "digital certificate subsystem host module" connects to and communicates with the "interconnected host computer system of the digital certificate subsystem" through the mating connector, located in that interconnected host computer system, for the "interface connector of the digital certificate subsystem host module"; at the same time, through the same mating connector, the "digital certificate subsystem host module" is also connected to the "display panel module of the digital certificate subsystem" integrated in the "interconnected host computer system of the digital certificate subsystem", and outputs display information data to it;
Wherein, once the "separated digital certificate subsystem host module" is connected to the connector in the mobile phone system for the "interface connector of the digital certificate subsystem host module", the mobile phone system includes a "complete digital certificate subsystem" and can run applications based on the digital certificate subsystem.
6. The mobile phone system as claimed in claim 5, further characterized in that: it includes a "display panel module shared by the mobile phone system host module and its digital certificate subsystem host module";
Wherein the "shared display panel module" is connected, through the "selector switch module of the display link", to both the "display output link of the mobile phone system host module" and the "display output link of the separated digital certificate subsystem host module"; the "selector switch module of the display link" includes a "control signal circuit of the display link selector switch", and the switch control signal is wired to the "interface connector of the separated digital certificate subsystem host module" in the mobile phone system; once the "separated digital certificate subsystem host module" is connected to the "interface connector of the separated digital certificate subsystem host module of the mobile phone system", the switch control signal is connected to the "separated digital certificate subsystem host module", which controls its state; by configuring the state of the switch control signal, the "separated digital certificate subsystem host module" controls the "selector switch module of the display link" in the mobile phone system, and thereby controls whether the "shared display panel module" is attached to the "display output link of the mobile phone system host module" or to the "display output link of the separated digital certificate subsystem host module"; meanwhile, when the "interface connector of the separated digital certificate subsystem host module" in the mobile phone system is not connected to a "separated digital certificate subsystem host module", the default state of the "control signal circuit of the display link selector switch" is the one that connects the "display output link of the mobile phone system host module".
7. The cell phone system as described in claims 5, 6, further characterized in that: it includes a "user input module shared by the cell phone system host module and its digital certificate subsystem host module";
Wherein the "shared user input module" is connected, through a "selecting switch module", to the "user input link of the cell phone system host module" and to the "user input link of the separated digital certificate subsystem host module" respectively; the "selecting switch module" includes a "control signal circuit of the selecting switch", and this switch control signal is wired to the "interface connector of the separated digital certificate subsystem host module" in the cell phone system; once the "interface connector of the separated digital certificate subsystem host module" of the cell phone system is connected to the "separated digital certificate subsystem host module", the switch control signal is connected to the "separated digital certificate subsystem host module", which controls its state; by configuring the state of the switch control signal, the "separated digital certificate subsystem host module" controls the "selecting switch module" in the cell phone system, and thereby controls whether the "shared user input module" is attached to the "user input link of the cell phone system host module" or to the "user input link of the separated digital certificate subsystem host module"; meanwhile, when the "interface connector of the separated digital certificate subsystem host module" in the cell phone system is not connected to a "separated digital certificate subsystem host module", the default state of the "control signal circuit of the selecting switch" connects the "user input link of the cell phone system host module".
8. The cell phone system as described in one of claims 5, 6, 7, further characterized in that: the interface of its "interface connector of the separated digital certificate subsystem host module" also includes an interface compatible with the MICRO SD card SPI mode; when a MICRO SD card is inserted as required into the "interface connector of the separated digital certificate subsystem host module" of the cell phone system, the cell phone system can read and write the MICRO SD card normally in MICRO SD card SPI mode; once the "interface connector of the separated digital certificate subsystem host module" of the cell phone system is connected to the "separated digital certificate subsystem host module", the MICRO SD card SPI mode compatible interface in that "interface connector of the separated digital certificate subsystem host module" is used for the connection and communication between the "separated digital certificate subsystem host module" and the "cell phone system host module".
9. The cell phone system as described in one of claims 5, 8, further characterized in that: it includes a "user input module shared by the cell phone system host module and its separated digital certificate subsystem host module" and a "dedicated display panel module of the separated digital certificate subsystem host module"; meanwhile, the interface of its "interface connector of the separated digital certificate subsystem host module" includes an I2C communication interface and a "selecting switch module" control signal interface;
Wherein the "shared user input module" is connected, through a "selecting switch module", to the "user input link of the cell phone system host module" and to the "user input link of the separated digital certificate subsystem host module" respectively; the "selecting switch module" includes a "control signal circuit of the selecting switch", and this switch control signal is wired to the "interface connector of the separated digital certificate subsystem host module" in the cell phone system; once the "interface connector of the separated digital certificate subsystem host module" of the cell phone system is connected to the "separated digital certificate subsystem host module", the switch control signal is connected to the "separated digital certificate subsystem host module", which controls its state; by configuring the state of the switch control signal, the "separated digital certificate subsystem host module" controls the "selecting switch module" in the cell phone system, and thereby controls whether the "shared user input module" is attached to the "user input link of the cell phone system host module" or to the "user input link of the separated digital certificate subsystem host module"; meanwhile, when the "interface connector of the separated digital certificate subsystem host module" in the cell phone system is not connected to a "separated digital certificate subsystem host module", the default state of the "control signal circuit of the selecting switch" connects the "user input link of the cell phone system host module";
Wherein the "dedicated display panel module of the separated digital certificate subsystem host module" has an I2C communication interface, which is connected to the I2C communication interface in the "interface connector of the separated digital certificate subsystem host module" of the cell phone system; once the "interface connector of the separated digital certificate subsystem host module" of the cell phone system is connected to the "separated digital certificate subsystem host module", the "separated digital certificate subsystem host module" outputs display information data to the "dedicated display panel module of the separated digital certificate subsystem host module" through the I2C interface in the "interface connector of the separated digital certificate subsystem host module".
10. An "interconnection mainframe computer system of the digital certificate subsystem" provided by the present invention, which is a "computer system that can connect and communicate with the digital certificate subsystem and can also connect and communicate with the Internet"; characterized in that: it includes a digital certificate subsystem, which includes: the digital certificate subsystem host module, the display panel module of the digital certificate subsystem and the user input module of the digital certificate subsystem;
Further characterized in that: its "digital certificate subsystem host module" is structurally detachable from the "digital certificate subsystem", that is, it is a "host module of the separated digital certificate subsystem"; its "digital certificate subsystem host module" includes an "interface connector of the digital certificate subsystem host module", and the interface of this interface connector includes an "interface for the connection and communication between the 'digital certificate subsystem host module' and the 'interconnection mainframe computer system of the digital certificate subsystem'" and a "connecting interface between the 'digital certificate subsystem host module' and the 'output display panel module of the digital certificate subsystem'";
Further characterized in that: the "display panel module of the digital certificate subsystem" and an "interface connector matching the 'interface connector of the digital certificate subsystem host module'" are integrated in the "interconnection mainframe computer system of the digital certificate subsystem"; the "digital certificate subsystem host module" connects and communicates with the "interconnection mainframe computer system of the digital certificate subsystem" through the "matching connector of the 'interface connector of the digital certificate subsystem host module'" in the "interconnection mainframe computer system of the digital certificate subsystem"; meanwhile, through the same matching connector, the "digital certificate subsystem host module" is also connected to the "'display panel module of the digital certificate subsystem' integrated in the 'interconnection mainframe computer system of the digital certificate subsystem'", and outputs display information data;
Wherein, once the matching connector of the "interface connector of the digital certificate subsystem host module" in the "interconnection mainframe computer system of the digital certificate subsystem" is connected to the "separated digital certificate subsystem host module", the "interconnection mainframe computer system of the digital certificate subsystem" includes a "complete digital certificate subsystem" and can run applications based on the digital certificate subsystem.
CN201510696173.6A 2015-10-21 2015-10-21 A handset digital certificate subsystem, a system thereof and a method thereof Withdrawn CN106612365A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510696173.6A CN106612365A (en) 2015-10-21 2015-10-21 A handset digital certificate subsystem, a system thereof and a method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510696173.6A CN106612365A (en) 2015-10-21 2015-10-21 A handset digital certificate subsystem, a system thereof and a method thereof

Publications (1)

Publication Number Publication Date
CN106612365A true CN106612365A (en) 2017-05-03

Family

ID=58613679

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510696173.6A Withdrawn CN106612365A (en) 2015-10-21 2015-10-21 A handset digital certificate subsystem, a system thereof and a method thereof

Country Status (1)

Country Link
CN (1) CN106612365A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106612361A (en) * 2015-10-22 2017-05-03 李京海 A handset digital certificate subsystem, a system thereof and a method thereof

Legal Events

Date Code Title Description
PB01 Publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20170503