CN106936789B - Application method for authentication by using double certificates - Google Patents
- Publication number: CN106936789B (application CN201511025602.3A)
- Authority: CN (China)
- Prior art keywords: certificate, authentication, work, working, certificates
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0869: Network architectures or network communication protocols for network security; authentication of entities; achieving mutual authentication
- H04L63/0823: Network architectures or network communication protocols for network security; authentication of entities; using certificates
- H04L9/3263: Cryptographic mechanisms or arrangements for secret or secure communications, including means for verifying the identity or authority of a user or for message authentication; involving certificates (public key certificate [PKC] or attribute certificate [AC]) and public key infrastructure [PKI] arrangements
- H04L9/3271: Cryptographic mechanisms including means for verifying the identity or authority of a user; using challenge-response
- H04L9/3273: Cryptographic mechanisms including means for verifying the identity or authority of a user; using challenge-response for mutual authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses an application method for authentication using dual certificates, comprising the following steps: 1) configure the application system: designate the work certificate available to the application system, designate the authentication-certificate and work-certificate pairs that are permitted to pass mutual authentication, and designate the condition for starting the work certificate; 2) the user enables the authentication certificate; 3) the authentication certificate and the work certificate perform mutual authentication; 4) the work certificate is started and the various functions of the application system are operated. The beneficial effects of the invention are that the work certificate in the application system can be started securely and conveniently, a strong emergency plan is provided, and the practical requirement that several users must cooperate in a business system to enable certain functions of the system is met.
Description
Technical Field
The invention belongs to the technical field of computers and information security, and in particular relates to an application method for securely and conveniently starting a work certificate by means of an authentication certificate.
Background
With the rapid development of information technology, every industry is being informatized and networked. To protect the legitimate rights and interests of the owners and users of industry information systems, these systems use digital certificates for identity authentication, data encryption and integrity protection. The mainstream practice today is to use a USB Key as the carrier of the digital certificate; to enable the certificate, a PIN code must be entered or the user's fingerprint verified. This approach has several disadvantages:
1. If the USB Key is lost or left behind, strong identity authentication with a digital certificate is impossible. Until the USB Key is reissued, only an emergency plan such as password authentication or the issuance of a temporary soft certificate can be used, and the reliability and security of these emergency plans are lower than those of a digital certificate held in hardware.
2. If the USB Key is connected to the computer over USB, the user must be physically at the computer to enter the PIN code or perform fingerprint verification. If the USB Key is connected wirelessly, for example over Bluetooth, the USB Key and the computer cannot authenticate each other with digital certificates, which leaves a certain security risk.
3. On mobile terminals, TF cards are commonly used as the carrier of the digital certificate and are inserted into the terminal when used. For convenience, most users are in the habit of leaving the TF card inserted after use. Once the mobile terminal is lost, only the certificate PIN code and similar measures protect the user, and security is threatened.
4. Existing USB Keys support only a one-person, one-certificate, one-Key mode of use: each user holds one USB Key, the Key stores only that user's digital certificate, and the user completes the corresponding functional operations with that certificate when using the application system. In many cases, however, several users must cooperate to enable certain functions of the system; for example, a decision may require the approval of four out of seven administrators. The existing one-person, one-certificate, one-Key mode clearly cannot meet such requirements, which causes great difficulty for the application system.
Therefore, how to securely and conveniently enable the digital certificate in the application system is a technical problem that urgently needs to be solved in the field. The applicant has therefore made beneficial exploration and attempts to solve the above problems, in the course of which the technical solutions described below were created.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: to address the deficiencies of the prior art, an application method using dual certificates for authentication is provided, in which the user holds an authentication certificate, the application system on the computer uses a work certificate, and the user uses the authentication certificate to start the work certificate in order to complete the various functional operations of the application system on the computer.
The technical problem is solved by the following technical scheme:
An application method using dual certificates for authentication, comprising the following steps:
1) configuring the application system: designating the work certificate available to the application system, designating the authentication-certificate and work-certificate pairs that are permitted to pass mutual authentication, and designating the condition for starting the work certificate;
2) the user enables the authentication certificate;
3) the authentication certificate and the work certificate perform mutual authentication;
4) the work certificate is started, and the various functions of the application system are operated.
In a preferred embodiment of the invention, in step 1) the application system may be given a default configuration: the default designates the work certificate available to the application system, the default designates the authentication-certificate and work-certificate pairs that may pass mutual authentication, and the default designates the condition for starting the work certificate.
In a preferred embodiment of the invention, in step 1) the condition for starting the work certificate is either direct use of a PIN code or the condition that a specified number of authentication certificates have passed mutual authentication with the work certificate.
In a preferred embodiment of the invention, when the work certificate available to the application system is designated in step 1), a particular authentication certificate may be designated to be used directly as an available work certificate, so that the various functions of the application system can be operated with it.
In a preferred embodiment of the invention, in step 1) the work certificate and the authentication certificate are certificates conforming to the X.509 format.
In a preferred embodiment of the invention, in step 1) the work certificate and the authentication certificate are held in the same medium or in different media.
In a preferred embodiment of the invention, in step 2) the user enables the authentication certificate by fingerprint verification or by entering a PIN code.
In a preferred embodiment of the invention, in step 3) the same work certificate can perform mutual authentication with several authentication certificates at the same time, and the same authentication certificate can perform mutual authentication with several work certificates at the same time.
In a preferred embodiment of the invention, in step 3) the communication mode used for mutual authentication between an authentication certificate and a work certificate held in different media is one of WiFi, Bluetooth or NFC.
In a preferred embodiment of the invention, in step 3) the method used for mutual authentication between the authentication certificate and the work certificate is SSL mutual authentication or SPKM mutual authentication.
Owing to the adoption of the above technical scheme, the invention has the following beneficial effects:
1. A strong emergency plan. When the work certificate cannot be used, for example because its medium has been lost, the application system can designate an authentication certificate held by a user as the work certificate and use it directly to complete the various functional operations of the application system; when the authentication certificate cannot be used, for example because its medium has been lost, the application system can enable the work certificate directly with the PIN code and complete the various functional operations of the application system.
2. An untethered working mode. The medium holding the work certificate is connected directly to the computer, the medium holding the authentication certificate is carried by the user, and mutual authentication is performed over a wireless connection such as WiFi. In this working mode the user can move freely without being tied to the work computer, and the communication link is protected by certificate-based mutual authentication.
3. Rich system applications are supported. For example, the application system may specify that the work certificate is started only after a specified number of authentication certificates have passed mutual authentication with it, and the work certificate can perform mutual authentication with several authentication certificates at once, which is particularly suitable for processes that require the simultaneous cooperation of several people.
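The four steps above, the threshold start condition of the preferred embodiments, and claims 1, 3 and 8 below describe one procedure. The Go program that follows is an added worked example of that procedure; it is not code from the patent or from the applicant. It assumes a single hypothetical root CA that issued both certificates, represents each certificate carrier (USB Key, TF card, phone) as a `Medium` type, identifies the designated pairs by certificate CommonName, and stands in for the SSL or SPKM handshake of claim 10 with a certificate-based signed challenge-response carried out in memory; the wireless transport of claim 9 and the PIN or fingerprint unlock of the authentication medium in step 2 are outside the code. `Policy` is the step-1 configuration, and `StartWork` applies the start condition of claim 3: a correct PIN starts the work certificate directly, otherwise a threshold of distinct paired authentication certificates must each pass mutual authentication.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Medium is one certificate carrier (USB Key, TF card, phone): its X.509 leaf and a private key that never leaves it.
type Medium struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// NewCA creates a hypothetical root that signs both the work and the authentication certificates.
func NewCA() (*Medium, *x509.CertPool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return &Medium{Cert: cert, key: key}, pool
}

// Issue signs a leaf for a new medium; the same profile serves work and authentication certificates alike.
func (ca *Medium) Issue(serial int64, cn string) *Medium {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, &key.PublicKey, ca.key)
	cert, _ := x509.ParseCertificate(der)
	return &Medium{Cert: cert, key: key}
}

// verify checks that cert chains to the trusted root and that sig is its signature over digest; returns the verified CN.
func verify(cert *x509.Certificate, digest, sig []byte, pool *x509.CertPool) (string, error) {
	if _, err := cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return "", err
	}
	if pub, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok || !ecdsa.VerifyASN1(pub, digest, sig) {
		return "", errors.New("bad signature from " + cert.Subject.CommonName)
	}
	return cert.Subject.CommonName, nil
}

// MutualAuth is the bidirectional authentication step as a certificate-based challenge-response between
// the work medium W and the authentication medium A; each side verifies the other's chain and signature.
func MutualAuth(work, auth *Medium, pool *x509.CertPool) (string, error) {
	var nonceW, nonceA [32]byte // W -> A: nonceW, certW;  A -> W: nonceA, certA, sigA;  W -> A: sigW
	rand.Read(nonceW[:])
	rand.Read(nonceA[:])
	// Each signature covers both nonces, both certificates (DER) and the signer's role: no replay, no reflection.
	tA := sha256.Sum256(bytes.Join([][]byte{[]byte("auth"), nonceW[:], nonceA[:], work.Cert.Raw, auth.Cert.Raw}, nil))
	sigA, _ := ecdsa.SignASN1(rand.Reader, auth.key, tA[:])
	cn, err := verify(auth.Cert, tA[:], sigA, pool) // W: is A a genuine, unexpired authentication certificate?
	if err != nil {
		return "", err
	}
	tW := sha256.Sum256(bytes.Join([][]byte{[]byte("work"), nonceW[:], nonceA[:], work.Cert.Raw, auth.Cert.Raw}, nil))
	sigW, _ := ecdsa.SignASN1(rand.Reader, work.key, tW[:])
	if _, err := verify(work.Cert, tW[:], sigW, pool); err != nil {
		return "", err // A refuses to pair with a forged or untrusted work certificate
	}
	return cn, nil
}

// Policy is the step-1 configuration for one work certificate: its designated pairs and its start condition.
type Policy struct {
	Pairs     map[string]bool // CNs of the authentication certificates designated to pair with it
	Threshold int             // distinct paired certificates that must pass mutual authentication
	PINHash   [32]byte        // SHA-256 of the work certificate's own PIN: the direct-start path
}

// StartWork applies the start condition: a correct PIN starts the work certificate directly; otherwise Threshold
// distinct paired media must each authenticate (failed handshakes, unpaired certificates and repeats do not count).
func (p Policy) StartWork(pool *x509.CertPool, work *Medium, auths []*Medium, pin string) bool {
	if pin != "" {
		h := sha256.Sum256([]byte(pin))
		return subtle.ConstantTimeCompare(h[:], p.PINHash[:]) == 1
	}
	approved := map[string]bool{}
	for _, a := range auths {
		if cn, err := MutualAuth(work, a, pool); err == nil && p.Pairs[cn] {
			approved[cn] = true
		}
	}
	return len(approved) >= p.Threshold
}
```

The four-of-seven administrators case from the background is `Threshold: 4` with seven names in `Pairs`. A medium that fails the handshake (wrong root, bad signature), one that is not among the designated pairs, and the same medium presented twice all leave the approved count unchanged, so a single holder cannot reach the threshold by re-presenting one certificate. The role label in each signed transcript is what stops a signature produced in one direction from being replayed as the answer in the other direction.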
Drawings
To illustrate the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a block flow diagram of the invention.
Detailed Description
To make the technical means, creative features, objectives and effects of the invention easy to understand, the invention is further explained below with reference to the specific drawings.
Referring to FIG. 1, the application method of the invention for authentication using dual certificates comprises the following steps:
104: the user enables an authentication certificate by fingerprint verification, PIN code entry or a similar means;
106: the work certificate is started, and the various functions of the application system are operated. If the user's authentication certificate has been designated as the work certificate, or if the condition for starting the work certificate is not that a specified number of authentication certificates have authenticated against it, the fingerprint or PIN code is checked before the work certificate is started.
The invention can start the work certificate in the application system securely and conveniently, provides a strong emergency plan, and meets the practical requirement that several users must cooperate in a business system to enable certain functions of the system.
The foregoing shows and describes the basic principles, main features and advantages of the invention. Those skilled in the art will understand that the invention is not limited to the embodiments described above, which are given in the specification only to illustrate the principle of the invention, and that various changes and modifications can be made without departing from the spirit and scope of the invention; these fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and their equivalents.
Claims (10)
1. An application method using dual certificates for authentication, comprising the following steps:
1) configuring the application system: designating the work certificate available to the application system, designating the authentication-certificate and work-certificate pairs that are permitted to pass mutual authentication, and designating the condition for starting the work certificate;
2) judging whether the designated certificate is an available work certificate of the system; if so, proceeding to step 6), otherwise proceeding to step 3);
3) judging whether the designated condition for starting the work certificate is that a specified number of authentication certificates have performed mutual authentication with the work certificate; if so, proceeding to step 4), otherwise proceeding to step 6);
4) the user enables the authentication certificate;
5) the authentication certificate and the work certificate perform mutual authentication;
6) the work certificate is started, and the various functions of the application system are operated.
2. The application method for authentication using dual certificates as claimed in claim 1, wherein in step 1) the application system may be given a default configuration: the default designates the work certificate available to the application system, the default designates the authentication-certificate and work-certificate pairs that may pass mutual authentication, and the default designates the condition for starting the work certificate.
3. The application method for authentication using dual certificates as claimed in claim 1, wherein in step 1) the condition for starting the work certificate is either direct use of a PIN code or the condition that a specified number of authentication certificates have passed mutual authentication with the work certificate.
4. The application method for authentication using dual certificates as claimed in claim 1, wherein when the work certificate available to the application system is designated in step 1), a particular authentication certificate may be designated to be used directly as an available work certificate to operate the functions of the application system.
5. The application method for authentication using dual certificates as claimed in claim 1, wherein in step 1) the work certificate and the authentication certificate are certificates conforming to the X.509 format.
6. The application method for authentication using dual certificates as claimed in claim 1, wherein in step 1) the work certificate and the authentication certificate are held in the same medium or in different media.
7. The application method for authentication using dual certificates as claimed in claim 1, wherein in step 4) the user enables the authentication certificate by fingerprint verification or by entering a PIN code.
8. The application method for authentication using dual certificates as claimed in claim 1, wherein in step 5) the same work certificate can perform mutual authentication with several authentication certificates at the same time, and the same authentication certificate can perform mutual authentication with several work certificates at the same time.
9. The application method for authentication using dual certificates as claimed in claim 1, wherein in step 5) mutual authentication between an authentication certificate and a work certificate held in different media is performed over one of WiFi, Bluetooth or NFC.
10. The application method for authentication using dual certificates as claimed in claim 1, wherein in step 5) the method used for mutual authentication between the authentication certificate and the work certificate is SSL mutual authentication or SPKM mutual authentication.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511025602.3A CN106936789B (en) | 2015-12-30 | 2015-12-30 | Application method for authentication by using double certificates |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511025602.3A CN106936789B (en) | 2015-12-30 | 2015-12-30 | Application method for authentication by using double certificates |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106936789A CN106936789A (en) | 2017-07-07 |
CN106936789B true CN106936789B (en) | 2021-04-13 |
Family ID: 59442622
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201511025602.3A Active CN106936789B (en) | 2015-12-30 | 2015-12-30 | Application method for authentication by using double certificates |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106936789B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111342968B (en) * | 2018-12-18 | 2023-04-07 | 武汉信安珞珈科技有限公司 | Method and system for issuing double digital certificates |
CN110769393B (en) * | 2019-11-07 | 2021-12-24 | 公安部交通管理科学研究所 | Identity authentication system and method for vehicle-road cooperation |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1663175A (en) * | 2002-06-17 | 2005-08-31 | 皇家飞利浦电子股份有限公司 | System for authentication between devices using group certificates |
CN1787525A (en) * | 2005-11-15 | 2006-06-14 | 上海格尔软件股份有限公司 | Method for application of double certificate in SSL protocol |
CN101145233A (en) * | 2006-09-12 | 2008-03-19 | 中国农业银行 | Data ciphered-mortgage transaction system, teller identification system, trans-center transaction system and method |
CN102271040A (en) * | 2011-07-26 | 2011-12-07 | 北京华大信安科技有限公司 | Identity verifying system and method |
CN103117862A (en) * | 2013-02-18 | 2013-05-22 | 无锡矽鼎科技有限公司 | Method for using X.509 digital certificate of openssl for verifying Java certificate |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9021254B2 (en) * | 2007-07-27 | 2015-04-28 | White Sky, Inc. | Multi-platform user device malicious website protection system |
- 2015-12-30: CN application CN201511025602.3A filed (patent CN106936789B), status Active
Also Published As
Publication number | Publication date |
---|---|
CN106936789A (en) | 2017-07-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | CB02 | Change of applicant information | Address after: 200436 Room 601, Lane 299, JIANGCHANG West Road, Jingan District, Shanghai; Applicant after: Geer Software Limited by Share Ltd. Address before: 200070 Room 601, Lane 299, JIANGCHANG West Road, Zhabei District, Shanghai; Applicant before: Geer Software Co., Ltd., Shanghai |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |