CN106686001A - Service security processing method and service security processing device - Google Patents


Info

Publication number: CN106686001A
Authority: CN (China)
Prior art keywords: terminal, terminal traffic, certificate, account, traffic
Legal status: Pending
Application number: CN201710109611.3A
Other languages: Chinese (zh)
Inventors: 陈平, 苏永彬, 彭京, 张如昌
Current assignee: SHENZHEN SINOSUN TECHNOLOGY Co Ltd
Original assignee: SHENZHEN SINOSUN TECHNOLOGY Co Ltd
Application filed by SHENZHEN SINOSUN TECHNOLOGY Co Ltd
Priority to CN201710109611.3A
Publication of CN106686001A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L 63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint


Abstract

The invention relates to a service security processing method and a service security processing device. The method includes: receiving a terminal service account and service data signed with a terminal service private key, both sent by a terminal; querying the terminal service certificate associated with the terminal service account; verifying the service data with the terminal service certificate; when the service data are verified successfully, processing them to obtain a first processing result and signing that result with a server private key; and sending the signed first processing result to the terminal. Because the terminal service account is associated with the terminal service certificate, if the account and password of one terminal are illegally stolen and used on another terminal, the service data are not signed with the terminal service private key corresponding to that account, so the server cannot verify them and the account cannot be used on the other terminal. The security of the service data is thereby guaranteed.

Description

Service security processing method and apparatus
Technical field
The present invention relates to the field of data processing, and in particular to a service security processing method and apparatus.
Background technology
With the development of technology, users can carry out more and more kinds of service on a terminal, for example payment and shopping. Users' security requirements for the terminal and for these services are rising accordingly.
Traditionally, service data are signed on the terminal with a general-purpose private key and verified on the server with the corresponding public key, which improves the security of the service data. Under this approach, however, once a user's account information is stolen, the corresponding service can be carried out from any terminal, and the service data leak.
The content of the invention
Based on this, to address the leakage of service data, a service security processing method and apparatus are provided.
A service security processing method, the method comprising:
receiving a terminal service account and service data signed with a terminal service private key, both sent by a terminal;
querying the terminal service certificate associated with the terminal service account;
verifying the service data with the terminal service certificate;
when the service data are verified successfully, processing according to the service data to obtain a first processing result;
signing the first processing result with a server private key; and
sending the signed first processing result to the terminal.
In one embodiment, the method further comprises:
receiving a terminal ID and a terminal service account signed with the terminal service private key, both sent by the terminal;
querying the terminal service certificate associated with the terminal ID;
verifying the terminal service account with the terminal service certificate; and
when the terminal service account is verified successfully, storing the terminal service account in association with the terminal service certificate.
In one embodiment, the step of receiving the terminal service account and the service data signed with the terminal service private key comprises:
receiving first encrypted data sent by the terminal; and
decrypting the first encrypted data with the server private key to obtain the terminal service account and the service data signed with the terminal service private key.
The step of signing the first processing result with the server private key comprises:
signing the first processing result with the server private key; and
encrypting the signed first processing result with the terminal service certificate.
The step of sending the signed first processing result to the terminal comprises:
sending the encrypted first processing result to the terminal.
In one embodiment, the step of receiving the terminal ID and the terminal service account signed with the terminal service private key comprises:
receiving second encrypted data sent by the terminal; and
decrypting the second encrypted data with the server private key to obtain the terminal ID and the terminal service account signed with the terminal service private key.
In one embodiment, the method further comprises:
verifying the terminal service certificate with a root certificate;
when the terminal service certificate is verified successfully, continuing with the step of verifying the service data with the terminal service certificate; and
when the terminal service certificate is not verified successfully, outputting information that the terminal service certificate is in error.
A service security processing apparatus, comprising:
a receiving module for receiving a terminal service account and service data signed with a terminal service private key, both sent by a terminal;
a query module for querying the terminal service certificate associated with the terminal service account;
a first verification module for verifying the service data with the terminal service certificate;
a processing module for processing according to the service data, when the service data are verified successfully, to obtain a first processing result;
an encryption module for signing the first processing result with a server private key; and
a sending module for sending the signed first processing result to the terminal.
In one embodiment, the receiving module is further used to receive a terminal ID and a terminal service account signed with the terminal service private key, both sent by the terminal;
the query module is further used to query the terminal service certificate associated with the terminal ID;
the first verification module is further used to verify the terminal service account with the terminal service certificate; and
the apparatus further comprises:
an association module for storing the terminal service account in association with the terminal service certificate when the terminal service account is verified successfully.
In one embodiment, the receiving module comprises:
a receiving unit for receiving first encrypted data sent by the terminal; and
a decryption unit for decrypting the first encrypted data with the server private key to obtain the terminal service account and the service data signed with the terminal service private key;
the encryption module comprises:
a signing unit for signing the first processing result with the server private key; and
an encryption unit for encrypting the signed first processing result with the terminal service certificate; and
the sending module is further used to send the encrypted first processing result to the terminal.
In one embodiment, the receiving unit is further used to receive second encrypted data sent by the terminal; and
the decryption unit is further used to decrypt the second encrypted data with the server private key to obtain the terminal ID and the terminal service account signed with the terminal service private key.
In one embodiment, the apparatus further comprises:
a second verification module for verifying the terminal service certificate with a root certificate, for verifying the service data with the terminal service certificate when the terminal service certificate is verified successfully, and for outputting information that the terminal service certificate is in error when it is not.
In the above service security processing method and apparatus, the terminal service account is associated with the terminal service certificate. Because each terminal corresponds one-to-one to its terminal service certificate, the terminal service account also corresponds one-to-one to the terminal service certificate. If the terminal service account and password of one terminal are illegally stolen and used on another terminal, the data are encrypted with that other terminal's key rather than with the terminal service private key corresponding to the account, so the server cannot verify the terminal service data and the account cannot be used on the other terminal. The security of the service data is thereby guaranteed.
Description of the drawings
Fig. 1 is the application scenario diagram of the service security processing method in an embodiment;
Fig. 2 is the flow chart of the service security processing method in an embodiment;
Fig. 3 is the flow chart of the association step in an embodiment;
Fig. 4 is the flow chart of the receiving step in the embodiment illustrated in Fig. 1;
Fig. 5 is the flow chart of the signing step in the embodiment illustrated in Fig. 1;
Fig. 6 is the flow chart of the receiving step in the embodiment illustrated in Fig. 2;
Fig. 7 is the flow chart of the verification step in an embodiment;
Fig. 8 is the structural diagram of the service security processing apparatus in an embodiment.
Specific embodiments
In order to make the objects, technical solutions and advantages of the present invention clearer, the invention is further elaborated below with reference to the drawings and embodiments. It should be understood that the specific embodiments described herein serve only to explain the invention and are not used to limit it.
Before describing the embodiments in detail, it should be noted that they essentially consist of combinations of method steps and system components related to the service security processing method and apparatus. These system components and method steps are therefore shown in the drawings by ordinary symbols where appropriate, and only the details relevant to understanding the embodiments are shown, so that the disclosure is not obscured by details that would be obvious to those of ordinary skill in the art having the benefit of this description.
Herein, relational terms such as left and right, upper and lower, front and rear, and first and second are used only to distinguish one entity or action from another, and do not necessarily require or imply any such actual relation or order between those entities or actions. The terms "including", "comprising" and any other variant are intended to be non-exclusive, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or device.
Referring to Fig. 1, which is the application scenario diagram of the service security processing method in an embodiment: the terminal and the server communicate with each other, the user makes service requests on the terminal and performs the corresponding service, and the server verifies the user and the service data handled by the terminal, so as to ensure the security of the terminal service.
Referring to Fig. 2, which is the flow chart of the service security processing method in an embodiment, the method may comprise:
S202: receiving a terminal service account and service data signed with a terminal service private key, both sent by the terminal.
The terminal service account is applied for and registered by the user through the terminal. For example, the terminal displays an account application interface, the user enters the terminal service account and password on that interface, the terminal sends the account to the server, and after the server verifies it the registration of the terminal service account is complete.
The terminal service private key is generated when the terminal leaves the factory and corresponds to the terminal service certificate; that is, the terminal service private key and the terminal service certificate form an encryption/decryption pair. When a terminal leaves the factory, a random terminal service private key and terminal service certificate are generated on each terminal from a specific root certificate, so the terminal service certificate and private key of each service on each terminal are different. A terminal also has a unique terminal ID (identity) when it leaves the factory. The terminal ID and the terminal service private key correspond one-to-one, so the terminal ID and the terminal service certificate correspond one-to-one as well, and because the terminal service account is associated with the terminal service certificate, the terminal service account and the terminal service certificate also correspond one-to-one.
S204: querying the terminal service certificate associated with the terminal service account.
Specifically, the correspondence between terminal service accounts and terminal service certificates may be stored on the server in advance, so that when the terminal service account sent by the terminal is received, the server can look up the corresponding terminal service certificate by traversing the pre-stored correspondence.
S206: verifying the service data with the terminal service certificate.
Specifically, when the terminal sends terminal service data to the server, it first signs the service data with the terminal service private key and then sends the signed service data together with the corresponding terminal service account. The server looks up the corresponding terminal service certificate, that is, the certificate corresponding to the terminal service private key, by the terminal service account, and can therefore verify the service data signed with the terminal service private key using that certificate.
When the user's terminal service account and password are illegally stolen and the thief logs in on another terminal to carry out the corresponding service, for example a transfer or a purchase, the resulting service data are signed with the terminal service private key pre-stored on that other terminal, and the terminal service account together with those service data is sent to the server. On receiving them, the server first looks up the terminal service certificate corresponding to the terminal service account, that is, the certificate of the original terminal. Because the service data were signed with the other terminal's private key, verifying them with the original terminal's certificate cannot succeed, and the security of the terminal service is ensured.
S207: when the service data are verified successfully, processing according to the service data to obtain a first processing result.
Specifically, when the service data are verified successfully, the server processes them to obtain a result. For example, when the service data are a query statement, the server obtains the corresponding result by executing the query and returns that result to the terminal.
S208: signing the first processing result with the server private key.
Specifically, after the server obtains the first processing result from the service data, it needs to send that result to the terminal so that the terminal can carry out subsequent processing, for example accepting the user's operation or prompting that the user has no permission for it. To protect the first processing result from tampering, the server signs it with the server private key, so that only a terminal holding the corresponding server public key can correctly verify the first processing result, which further ensures the security of the service.
Accordingly, when the terminal receives the signed data, it must verify the signature with the corresponding server public key, which ensures that the signed first processing result it received was sent by the server it trusts. Before using the server certificate, the terminal can also verify the server public key against the root certificate, ensuring the validity of the server public key and further improving the security of the service.
S210: sending the signed first processing result to the terminal.
In the above service security processing method, the terminal service account is associated with the terminal service certificate. Because each terminal corresponds one-to-one to its terminal service certificate, the terminal service account also corresponds one-to-one to the terminal service certificate. If the terminal service account and password of one terminal are illegally stolen and used on another terminal, the data are encrypted with that other terminal's key rather than with the terminal service private key corresponding to the account, so the server cannot verify the terminal service data and the account cannot be used on the other terminal. The security of the service data is thereby guaranteed.
In one embodiment, the service security processing method also comprises an association step, which may be carried out before the method shown in Fig. 1. As shown in Fig. 3, the association step may comprise:
S302: receiving a terminal ID and a terminal service account signed with the terminal service private key, both sent by the terminal.
In practice the server may not yet hold the correspondence between a terminal service account and a terminal service certificate; for example, a terminal being used for the first time may not have registered any terminal service account. The user therefore may first need to apply for a terminal service account. When sending data to the server, the terminal first checks whether this is the first login of the terminal service account on the terminal; if so, it sends the terminal ID and the terminal service account signed with the terminal service private key to the server. It may also send the terminal ID together with the signed terminal service account and the account password, among other things.
S304: querying the terminal service certificate associated with the terminal ID.
Specifically, the correspondence between the terminal service certificate and the terminal ID is saved on the server before the terminal leaves the factory; in practice the server can be configured with the corresponding terminal ID and terminal service certificate. In other words, the terminal ID and the terminal service certificate correspond one-to-one, and because the terminal ID and the terminal service account are bound on the terminal, a one-to-one correspondence between the terminal service certificate and the terminal service account can be established through the terminal ID: each terminal service account has a unique terminal service certificate corresponding to it.
Thus the terminal ID and the terminal service certificate are stored one-to-one before the terminal leaves the factory, and this relation is stored on the server. When an account is added on the terminal, the terminal service account can be bound to the terminal service certificate through the terminal ID, so that this terminal service account can only be used on this terminal, which ensures security. Even if the terminal ID and the terminal service account are both stolen, the terminal service account cannot be used normally because the terminal service private key has not been stolen.
S306: verifying the terminal service account with the terminal service certificate.
Specifically, because the terminal service account is signed on the terminal with the terminal service private key, and the terminal service private key corresponds to the terminal service certificate, the server can verify the terminal service account signed with the terminal service private key using the corresponding terminal service certificate.
S308: when the terminal service account is verified successfully, storing the terminal service account in association with the terminal service certificate.
After the terminal service account is verified successfully, the server also needs to check whether the terminal service account has already been registered, whether the account name is correctly formed, and so on; if all checks pass, registration succeeds. For convenience of description the account password is taken to be empty here; in actual use the password must also be verified. After the terminal service account is registered successfully, the server stores the correspondence between the terminal service account and the terminal service certificate. When the terminal service account is not verified successfully, the server returns registration-failure information to the terminal.
In the above embodiment, the terminal service account and the terminal service certificate are associated through the terminal ID, which ensures that one terminal service account can only be used on one terminal: even if the terminal service account and password are illegally stolen, they cannot be used on another terminal, which ensures the security of the terminal service. Moreover, because the corresponding terminal service private key and terminal service certificate are generated at random on each terminal from the vendor's root certificate before the terminal leaves the factory, only terminals issued by that particular vendor can use the service securely.
In one embodiment, referring to Fig. 4 and Fig. 5, where Fig. 4 is the flow chart of the receiving step in the embodiment illustrated in Fig. 1 and Fig. 5 is the flow chart of the signing step in the embodiment illustrated in Fig. 1, the receiving step, that is, the step of receiving the terminal service account and the service data signed with the terminal service private key, may comprise:
S402: receiving first encrypted data sent by the terminal.
Specifically, when sending the terminal service account and the service data to the server, the terminal first signs the service data with the terminal service private key, then encrypts the signed service data and the terminal service account with the server public key to obtain the first encrypted data, and sends the first encrypted data to the server.
S404: decrypting the first encrypted data with the server private key to obtain the terminal service account and the service data signed with the terminal service private key.
Specifically, after receiving the first encrypted data, the server first decrypts it with the server private key corresponding to the server public key to obtain the terminal service account and the service data signed with the terminal service private key. The server then looks up the corresponding terminal service certificate by the terminal service account and finally verifies the signed service data with that certificate.
Correspondingly, in this embodiment the signing step, that is, the step of signing the first processing result with the server private key, may comprise:
S502: signing the first processing result with the server private key.
Specifically, when the server needs to send data such as the first processing result to the terminal, it first signs the first processing result with the server private key.
S504: encrypting the signed first processing result with the terminal service certificate.
Specifically, after signing the first processing result with the server private key, the server further encrypts the signed first processing result with the terminal service certificate, to improve the security of data transmission between the server and the terminal.
Correspondingly, step S210 shown in Fig. 1, sending the signed first processing result to the terminal, comprises: sending the encrypted first processing result to the terminal.
In the above embodiment, whether the terminal sends data to the server or the server sends data to the terminal, the data are protected in two steps, which greatly improves the security of the service data and hence of the service.
In one embodiment, referring to Fig. 6, which is the flow chart of the receiving step in the embodiment illustrated in Fig. 2, the receiving step, that is, the step of receiving the terminal ID and the terminal service account signed with the terminal service private key, may comprise:
S602: receiving second encrypted data sent by the terminal.
Specifically, when sending the terminal service account and the terminal ID to the server, the terminal first signs the terminal service account with the terminal service private key, then encrypts the signed terminal service account and the terminal ID with the server public key to obtain the second encrypted data, and sends the second encrypted data to the server.
S604: decrypting the second encrypted data with the server private key to obtain the terminal ID and the terminal service account signed with the terminal service private key.
Specifically, after receiving the second encrypted data, the server first decrypts it with the server private key corresponding to the server public key to obtain the terminal ID and the terminal service account signed with the terminal service private key. The server then looks up the corresponding terminal service certificate by the terminal ID and finally verifies the signed terminal service account with that certificate.
In the above embodiment, whether the terminal sends data to the server or the server sends data to the terminal, the data are protected in two steps, which greatly improves the security of the service data and hence of the service.
In one embodiment, refer to Fig. 7, which is a flow chart of the verification step in an embodiment. In this embodiment the verification step may include:
S702: verify the terminal service certificate with the root certificate.
Specifically, the server may store the terminal service account and terminal service certificate corresponding to each terminal. Because the server is connected to the network, the stored terminal service certificate is at risk of being tampered with; and because the terminal service certificate is usually stored on a hard disk, part of its data may be lost if the server loses power or suffers a physical shock. To ensure that the terminal service certificate is valid, it is therefore first verified with the company's root certificate.
S704: when the terminal service certificate is verified successfully, continue with the step of verifying the service data with the terminal service certificate.
Specifically, when the terminal service certificate is verified successfully, the terminal service certificate can be used: the server continues to verify the service data with it, or verifies the terminal service account with it, and so on.
S706: when verification of the terminal service certificate fails, output a terminal service certificate error message.
Specifically, when the terminal service certificate fails verification, that is, when it has been tampered with or part of its data has been lost, the user can be prompted by an output message that the terminal service certificate has been tampered with or lost, so that the user can download a new terminal service certificate; alternatively, the server can connect to the network and download a new terminal service certificate directly, and notify the user of this download.
In the above embodiment, the terminal service certificate is verified with the root certificate before it is used, which ensures the validity of the terminal service certificate and further improves the security of the terminal service.
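Steps S702 to S706 together with the account registration of claim 2 (query the certificate by terminal ID, verify the signed account with it, store account and certificate together), as an added example in Go using the standard library's X.509 verifier; it is not part of the patent. The transport decryption of claim 4 is left out so that the focus is the certificate check. It assumes RSA-2048 keys, a self-signed company root, RSA-PSS signatures over the account string, and the constructed names `issue`, `Server`, `checkCert`, `Register`, `Demo`, "Company Root", "terminal-001" and "acct-42".

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

var serial int64

// issue builds a certificate for this example: a self-signed company root when isCA is
// set, otherwise a terminal service certificate signed by parent/parentKey.
func issue(cn string, key *rsa.PrivateKey, isCA bool, parent *x509.Certificate, parentKey *rsa.PrivateKey) *x509.Certificate {
	serial++
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	}
	if isCA {
		t.KeyUsage, parent, parentKey = x509.KeyUsageCertSign, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c
}

// Server-side state: the company root, the terminal service certificates stored by
// terminal ID, and the account-to-certificate association that claim 2 creates.
type Server struct {
	roots  *x509.CertPool
	byID   map[string]*x509.Certificate
	byAcct map[string]*x509.Certificate
}

var ErrCertificate = errors.New("terminal service certificate error") // the S706 message

// checkCert is S702: the stored certificate is chained to the root before it is used, so
// a tampered or partially lost copy is rejected (S706) instead of trusted.
func (s *Server) checkCert(c *x509.Certificate) error {
	if c == nil {
		return ErrCertificate
	}
	opts := x509.VerifyOptions{Roots: s.roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := c.Verify(opts); err != nil {
		return ErrCertificate
	}
	return nil
}

// Register is claim 2 after decryption: find the certificate by terminal ID, check it against
// the root, verify the account signature with its public key, then bind account to certificate.
func (s *Server) Register(terminalID, account string, sig []byte) error {
	c := s.byID[terminalID]
	if err := s.checkCert(c); err != nil {
		return err
	}
	h := sha256.Sum256([]byte(account))
	if rsa.VerifyPSS(c.PublicKey.(*rsa.PublicKey), crypto.SHA256, h[:], sig, nil) != nil {
		return errors.New("terminal service account signature invalid")
	}
	s.byAcct[account] = c
	return nil
}

// Demo provisions a root and one terminal, registers an account, then exercises the S706
// path with a stored copy of the certificate whose signature has one flipped byte.
func Demo() (registered bool, tamperErr error, err error) {
	rootKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	termKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	root := issue("Company Root", rootKey, true, nil, nil)
	termCert := issue("terminal-001", termKey, false, root, rootKey)
	s := &Server{roots: x509.NewCertPool(), byAcct: map[string]*x509.Certificate{},
		byID: map[string]*x509.Certificate{"terminal-001": termCert}}
	s.roots.AddCert(root)
	h := sha256.Sum256([]byte("acct-42"))
	sig, _ := rsa.SignPSS(rand.Reader, termKey, crypto.SHA256, h[:], nil)
	if err = s.Register("terminal-001", "acct-42", sig); err != nil {
		return false, nil, err
	}
	bad := *termCert // simulated on-disk corruption of the stored certificate
	bad.Signature = append([]byte(nil), termCert.Signature...)
	bad.Signature[0] ^= 0xff
	return s.byAcct["acct-42"] == termCert, s.checkCert(&bad), nil
}
```

`Verify` checks the chain signature, validity period and basic constraints against the root pool, which is exactly what distinguishes a certificate the company issued from a damaged copy or one issued under a different root; the single error value returned for either case matches S706, where the user only needs to know that the certificate must be replaced.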
Refer to Fig. 8, which is a schematic structural diagram of a service processing device in an embodiment. The service processing device in this embodiment may include:
Receiving module 100, for receiving the terminal service account and the service data signed with the terminal service private key sent by the terminal.
Query module 200, for querying the terminal service certificate associated with the terminal service account.
First verification module 300, for verifying the service data with the terminal service certificate.
Processing module 600, for processing the service data when the service data is verified successfully, to obtain a first processing result.
Encryption module 400, for signing the first processing result with the server private key.
Sending module 500, for sending the signed first processing result to the terminal.
In one embodiment, the receiving module 100 may also be used to receive the terminal ID and the terminal service account signed with the terminal service private key sent by the terminal.
The query module 200 may also be used to query the terminal service certificate associated with the terminal ID.
The first verification module 300 may also be used to verify the terminal service account with the terminal service certificate.
The device may also include:
An association module, for storing the terminal service account in association with the terminal service certificate when the terminal service account is verified successfully.
In one embodiment, the receiving module 100 may include:
A receiving unit, for receiving the first encrypted data sent by the terminal.
A decryption unit, for decrypting the first encrypted data with the server private key to obtain the terminal service account and the service data signed with the terminal service private key.
The encryption module 400 may include:
A signing unit, for signing the first processing result with the server private key.
An encryption unit, for encrypting the signed first processing result with the terminal service certificate.
The sending module 500 is also used to send the encrypted first processing result to the terminal.
In one embodiment, the receiving unit may also be used to receive the second encrypted data sent by the terminal.
The decryption unit may also be used to decrypt the second encrypted data with the server private key to obtain the terminal ID and the terminal service account signed with the terminal service private key.
In one embodiment, the device may also include:
A second verification module, for verifying the terminal service certificate with the root certificate; when the terminal service certificate is verified successfully, the service data is verified with the terminal service certificate, and when verification of the terminal service certificate fails, a terminal service certificate error message is output.
The technical features of the above embodiments can be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as the combination of these technical features involves no contradiction, it should be considered within the scope of this specification.
The above embodiments express only several implementations of the present invention, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make several variations and improvements without departing from the concept of the invention, and these all fall within the protection scope of the invention. Therefore, the protection scope of this patent shall be defined by the appended claims.

Claims (10)

1. A service security processing method, characterized in that the method includes:
receiving the terminal service account and the service data signed with the terminal service private key sent by a terminal;
querying the terminal service certificate associated with the terminal service account;
verifying the service data with the terminal service certificate;
when the service data is verified successfully, processing the service data to obtain a first processing result;
signing the first processing result with the server private key;
sending the signed first processing result to the terminal.
2. The method according to claim 1, characterized in that the method further includes:
receiving the terminal ID and the terminal service account signed with the terminal service private key sent by the terminal;
querying the terminal service certificate associated with the terminal ID;
verifying the terminal service account with the terminal service certificate;
when the terminal service account is verified successfully, storing the terminal service account in association with the terminal service certificate.
3. The method according to claim 1 or 2, characterized in that the step of receiving the terminal service account and the service data signed with the terminal service private key sent by the terminal includes:
receiving first encrypted data sent by the terminal;
decrypting the first encrypted data with the server private key to obtain the terminal service account and the service data signed with the terminal service private key;
the step of signing the first processing result with the server private key includes:
signing the first processing result with the server private key;
encrypting the signed first processing result with the terminal service certificate;
and the step of sending the signed first processing result to the terminal includes:
sending the encrypted first processing result to the terminal.
4. The method according to claim 2, characterized in that the step of receiving the terminal ID and the terminal service account signed with the terminal service private key sent by the terminal includes:
receiving second encrypted data sent by the terminal;
decrypting the second encrypted data with the server private key to obtain the terminal ID and the terminal service account signed with the terminal service private key.
5. The method according to claim 2, characterized in that the method further includes:
verifying the terminal service certificate with a root certificate;
when the terminal service certificate is verified successfully, continuing with the step of verifying the service data with the terminal service certificate;
when verification of the terminal service certificate fails, outputting a terminal service certificate error message.
6. A service security processing device, characterized in that it includes:
a receiving module, for receiving the terminal service account and the service data signed with the terminal service private key sent by a terminal;
a query module, for querying the terminal service certificate associated with the terminal service account;
a first verification module, for verifying the service data with the terminal service certificate;
a processing module, for processing the service data when the service data is verified successfully, to obtain a first processing result;
an encryption module, for signing the first processing result with the server private key;
a sending module, for sending the signed first processing result to the terminal.
7. The device according to claim 6, characterized in that the receiving module is also used to receive the terminal ID and the terminal service account signed with the terminal service private key sent by the terminal;
the query module is also used to query the terminal service certificate associated with the terminal ID;
the first verification module is also used to verify the terminal service account with the terminal service certificate;
and the device further includes:
an association module, for storing the terminal service account in association with the terminal service certificate when the terminal service account is verified successfully.
8. The device according to claim 6 or 7, characterized in that the receiving module includes:
a receiving unit, for receiving first encrypted data sent by the terminal;
a decryption unit, for decrypting the first encrypted data with the server private key to obtain the terminal service account and the service data signed with the terminal service private key;
the encryption module includes:
a signing unit, for signing the first processing result with the server private key;
an encryption unit, for encrypting the signed first processing result with the terminal service certificate;
and the sending module is also used to send the encrypted first processing result to the terminal.
9. The device according to claim 8, characterized in that the receiving unit is also used to receive second encrypted data sent by the terminal;
and the decryption unit is also used to decrypt the second encrypted data with the server private key to obtain the terminal ID and the terminal service account signed with the terminal service private key.
10. The device according to claim 7, characterized in that it further includes:
a second verification module, for verifying the terminal service certificate with a root certificate; when the terminal service certificate is verified successfully, the service data is verified with the terminal service certificate, and when verification of the terminal service certificate fails, a terminal service certificate error message is output.
CN201710109611.3A 2017-02-27 2017-02-27 Service security processing method and service security processing device Pending CN106686001A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710109611.3A CN106686001A (en) 2017-02-27 2017-02-27 Service security processing method and service security processing device

Publications (1)

Publication Number Publication Date
CN106686001A true CN106686001A (en) 2017-05-17

Family

ID=58862647

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710109611.3A Pending CN106686001A (en) 2017-02-27 2017-02-27 Service security processing method and service security processing device

Country Status (1)

Country Link
CN (1) CN106686001A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101183932A (en) * 2007-12-03 2008-05-21 宇龙计算机通信科技(深圳)有限公司 Security identification system of wireless application service and login and entry method thereof
CN101242271A (en) * 2008-01-24 2008-08-13 陕西海基业高科技实业有限公司 Trusted remote service method and system
CN105335848A (en) * 2014-08-15 2016-02-17 中国电信股份有限公司 Broadband account number payment method and system, broadband payment platform and security certification platform

Similar Documents

Publication Publication Date Title
CN108684041B (en) System and method for login authentication
CN109309565B (en) Security authentication method and device
US6073237A (en) Tamper resistant method and apparatus
CN110519309B (en) Data transmission method, device, terminal, server and storage medium
US8588415B2 (en) Method for securing a telecommunications terminal which is connected to a terminal user identification module
CN101828357B (en) Credential provisioning method and device
CN101588245B (en) Method of identity authentication, system and memory device thereof
US20170208049A1 (en) Key agreement method and device for verification information
US10263782B2 (en) Soft-token authentication system
CN110990827A (en) Identity information verification method, server and storage medium
CN101841525A (en) Secure access method, system and client
EP1346511A1 (en) A platform and method for securely transmitting authorization data
WO2003073688A1 (en) Authenticating hardware devices incorporating digital certificates
CN107733636B (en) Authentication method and authentication system
CN109729080A (en) Access attack guarding method and system based on block chain domain name system
CN112396735B (en) Internet automobile digital key safety authentication method and device
US10291614B2 (en) Method, device, and system for identity authentication
EP1081891A2 (en) Autokey initialization of cryptographic devices
CN106656955A (en) Communication method and system and user terminal
CN111224784A (en) Role separation distributed authentication and authorization method based on hardware trusted root
CN112769789B (en) Encryption communication method and system
CN110572392A (en) Identity authentication method based on HyperLegger network
CN109495441A (en) Access authentication method, device, relevant device and computer readable storage medium
CN105873043B (en) Method and system for generating and applying network private key for mobile terminal
CN113115255A (en) Certificate issuing method, secret key authentication method, vehicle unlocking method, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170517