CN107171814A - Digital certificate updating method and device - Google Patents
- Publication number
- CN107171814A (application no. CN201710618107.6A)
- Authority
- CN
- China
- Prior art keywords
- certificate
- old
- embedded
- security element
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H04L9/3263: cryptographic mechanisms or arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
- H04L9/3268: the same, using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
- H04L9/3234: the same, involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
- H04L9/3247: the same, involving digital signatures
(All four codes sit under H: Electricity / H04: Electric communication technique / H04L: Transmission of digital information, e.g. telegraphic communication / H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols / H04L9/32: the same, including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials.)
Abstract
This application provides a digital certificate updating method and device. The method comprises: verifying the old certificate file and certificate signature; installing the new certificate file and performing the signing process; and deleting the old instance object and certificate file. In the proposed method and device the equipment that performs the certificate update is the secure element module inside the terminal, and the update is carried out as an interaction between a TSM platform and the terminal's secure element module, which greatly improves security. Because the certificate is updated inside the terminal rather than in separate hardware such as a key device, the user can complete the operation without carrying a hardware key device, which is more convenient for the user.
Description
Technical field
This application relates to the field of communication technology, and in particular to a digital certificate updating method and device.
Background technology
Public Key Infrastructure (PKI) is a key management platform that uses public-key technology and digital certificates to secure system information and is responsible for verifying the identity of digital certificate holders. The technology is widely used in fields such as online banking, e-commerce and e-government. A complete PKI system consists of a certification authority (CA), a key management center (KMC), a registration authority, a directory service, secure authentication application software, certificate application services and other components; among these the certification authority occupies the core position of the PKI system.
The CA center, also called the digital certificate authentication center, acts as the trusted third party in e-commerce transactions and specifically solves the problem of public-key legitimacy in a public key infrastructure. The CA center issues a digital certificate to each user who uses a public key; the function of the digital certificate is to confirm that the user name listed in the certificate corresponds to the public key listed in the certificate. The CA center's digital signature prevents an attacker from forging or tampering with certificates.
The registration authority (RA) center is an extension of the CA's functions. It is responsible for entering and auditing the applicant's data and for issuing certificates, and it also performs the corresponding management functions for the certificates it has issued. The RA center is an indispensable part of the normal operation of the CA center as a whole. Centralized issuance by the CA center, or online issuance, is the main issuance pattern; in that case every business step (user registration, registration audit, unified issuance) must follow a uniform, standardized procedure, and these business functions are implemented by the RA center.
A user security terminal is the tool a user employs for online electronic signatures and digital authentication. It usually contains a built-in security chip and uses 1024-bit or 2048-bit asymmetric-key algorithms, or the Chinese national (SM) cryptographic algorithms, to encrypt, decrypt and digitally sign online data, guaranteeing the confidentiality, authenticity, integrity and non-repudiation of online transactions. The user security terminal stores the user's private key and digital certificate and authenticates the user's identity with its built-in public-key algorithm; at the same time the built-in security chip guarantees that the private key of the user's certificate cannot be copied or exported. The USB-KEY or SD-KEY used by online-banking users, e-commerce users or mobile-terminal users is a typical security terminal.
At present every certificate renewal requires a hardware device to take part and to exchange data with a desktop computer, which is very inconvenient for the user. From the security standpoint, the current certificate renewal process requires three parties to process the certificate data: the back-end platform, the PC or mobile phone, and the security terminal hardware. Removing one of these participants would further increase the security of the certificate update.
Summary of the invention
To solve the above problems, this application provides a digital certificate updating method and device. The application proposes a digital certificate updating method that includes:
Step S1: verifying the old certificate file and certificate signature;
Step S2: installing the new certificate file and performing the signing process;
Step S3: deleting the old instance object and certificate file.
Preferably, step S1, verifying the old certificate file and certificate signature, includes:
Step S101: the application memory sends a certificate update request;
Step S102: the comprehensive access management server receives the request and verifies the old certificate stored in the application memory; if verification succeeds, step S103 is performed, otherwise the method ends;
Step S103: a signature verification request is sent to the secure element;
Step S104: the embedded secure element sends the signature file of the old certificate to the comprehensive access management server;
Step S105: the comprehensive access management server verifies the signature of the old certificate; if verification succeeds, step S2 is performed, otherwise the method ends.
Preferably, step S2, installing the new certificate file, includes:
Step S201: the comprehensive access management server sends an update instruction to the trusted service management platform;
Step S202: an instance object is created in the embedded secure element;
Step S203: the trusted service management platform sends an install-PIN (personal identification number) instruction;
Step S204: the embedded secure element installs the PIN on the instance object;
Step S205: the trusted service management platform sends the certificate file to the embedded secure element;
Step S206: the embedded secure element installs the certificate file in the instance object.
Preferably, step S3, deleting the old instance object and certificate file, includes:
Step S301: the trusted service management platform sends an instruction to delete the old instance object;
Step S302: the embedded secure element deletes the old instance object;
Step S303: the trusted service management platform sends a detection instruction;
Step S304: the embedded secure element performs the detection and judges whether it succeeded; if so, step S305 is performed, otherwise step S2 is performed again;
Step S305: the application memory displays that the update is complete.
More preferably, before step S2, installing the new certificate file, the following operations are also performed:
Step R101: the trusted service management platform selects the shared secret data and sends an external authentication instruction to the embedded secure element;
Step R102: the embedded secure element performs external authentication of the trusted service management platform.
Preferably, before step S203, in which the trusted service management platform sends the install-PIN instruction, the following operations are also performed:
Step R201: the trusted service management platform sends an application identifier (AID) matching instruction;
Step R202: it is judged whether the ESE's AID matches; if so, step S203 is performed, otherwise the method ends.
The application also proposes a digital certificate updating system, including:
a comprehensive access management server, a trusted service management platform, an application memory, a client application memory, a trusted application memory and an embedded secure element;
wherein the comprehensive access management server is connected to the trusted service management platform, the trusted service management platform is connected to the application memory, the trusted service management platform is connected to the embedded secure element, and the embedded secure element is connected to the application memory.
The application further proposes a digital certificate updating device, including:
an old certificate verifier, for verifying the old certificate file and certificate signature;
a new certificate installer, for installing the new certificate file and performing the signing process;
an old certificate deleter, for deleting the old instance object and certificate file.
Preferably, the old certificate verifier includes:
an update request module, by which the application memory sends a certificate update request;
an old certificate verification module, by which the comprehensive access management server receives the request and verifies the old certificate stored in the application memory;
a signature request module, for sending a signature verification request to the embedded secure element;
a data transmission module, by which the embedded secure element sends the signature file of the old certificate to the comprehensive access management server;
a signature verification module, by which the comprehensive access management server verifies the signature of the old certificate.
Preferably, the new certificate installer includes:
an update instruction module, by which the comprehensive access management server sends an update instruction to the trusted service management platform;
an instance creation module, for creating an instance object in the embedded secure element;
a PIN instruction module, by which the trusted service management platform sends the install-PIN instruction;
a PIN installation module, for installing the PIN on the instance object;
a file transmission module, by which the trusted service management platform sends the certificate file to the embedded secure element;
a certificate installation module, by which the embedded secure element installs the certificate file in the instance object.
Preferably, the old certificate deleter includes:
a deletion instruction module, by which the trusted service management platform sends the instruction to delete the old instance object;
an instance deletion module, by which the embedded secure element deletes the old instance object;
a detection instruction module, by which the trusted service management platform sends the detection instruction;
a result detection module, for performing the detection and judging whether it succeeded;
an update display module, for displaying in the application memory that the update is complete.
The digital certificate updating method and device proposed above achieve the following technical effects:
1. The digital certificate updating method and device proposed by this application use the SE (secure element) module inside the terminal as the certificate update equipment, and the certificate update is carried out as an interaction between the TSM (Trusted Service Manager) platform and the terminal's SE module, which greatly improves the security of the certificate update.
2. The digital certificate updating method and device proposed by this application perform the certificate update with the terminal itself, so the user can complete the update without carrying a separate hardware device.
Brief description of the drawings
In order to explain the embodiments of this application or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some of the embodiments of this application, and a person of ordinary skill in the art can obtain other drawings from them.
Fig. 1 is a structural diagram of the digital certificate updating system of this application;
Fig. 2 is a structural diagram of the digital certificate updating device of this application;
Fig. 3 is a structural diagram of the old certificate verifier of this application;
Fig. 4 is a structural diagram of the new certificate installer of this application;
Fig. 5 is a structural diagram of the old certificate deleter of this application;
Fig. 6 is a flow chart of the digital certificate updating method of this application;
Fig. 7 is a flow chart of the method of verifying the old certificate file and certificate signature;
Fig. 8 is a flow chart of the method of installing the new certificate file and performing the signing process;
Fig. 9 is a flow chart of the method of deleting the old instance object and certificate file;
Fig. 10 is a flow chart of the external authentication method of this application;
Fig. 11 is a flow chart of the AID matching method of this application.
Embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of those embodiments.
This application proposes a digital certificate updating system which, as shown in Fig. 1, includes:
a comprehensive access management server 11 (CAMS), a trusted service management platform 12 (Trusted Service Manager, TSM), an application (APP) memory 13, a client application (CA) memory 14, a trusted application (TA) memory 15 and an embedded secure element 16 (ESE); note that in this section CA denotes the client application, not the certification authority of the background section;
wherein the comprehensive access management server 11 is connected to the trusted service management platform 12, the trusted service management platform 12 is connected to the APP memory 13, the trusted service management platform 12 is connected to the embedded secure element 16, the embedded secure element 16 is connected to the APP memory 13, and the CA memory 14 and the TA memory 15 are each connected to the embedded secure element 16 and to each other.
In the above digital certificate updating system, when the TSM updates the ESE it uses a digital certificate updating device which, as shown in Fig. 2, includes:
an old certificate verifier 21, a new certificate installer 22 and an old certificate deleter 23;
wherein the old certificate verifier 21 is for verifying the old certificate file and certificate signature;
and, as shown in Fig. 3, the old certificate verifier 21 includes:
an update request module 31, an old certificate verification module 32, a signature request module 33, a data transmission module 34 and a signature verification module 35; wherein
the update request module 31 is the means by which the application memory sends a certificate update request; the old certificate verification module 32 is the means by which the comprehensive access management server receives the request and verifies the old certificate stored in the application memory; the signature request module 33 sends a signature verification request to the embedded secure element; the data transmission module 34 is the means by which the embedded secure element sends the signature file of the old certificate to the comprehensive access management server; and the signature verification module 35 is the means by which the comprehensive access management server verifies the signature of the old certificate.
When the certificate is about to expire, the CAMS sends an update prompt to the APP. Specifically, the method of judging that the certificate is about to expire includes the following:
the host device, when it detects the mobile terminal and communicates with it for the first time, parses the set expiration time of the certificate from the certificate stored on the mobile terminal;
according to the expiration time parsed from the certificate stored on the mobile terminal, the host device saves, or updates, the certificate expiration time recorded on the host device;
while the certificate has not yet expired, the host device judges whether the remaining validity of the certificate has reached a preset pre-reminder time point, and if so, reminds the user in the manner associated with that pre-reminder time point that the certificate is about to expire.
The new certificate installer 22 is for installing the new certificate file and performing the signing process.
As shown in Fig. 4, the new certificate installer 22 includes:
an update instruction module 41, an instance creation module 42, a PIN instruction module 43, a personal identification number (PIN) installation module 44, a file transmission module 45 and a certificate installation module 46; wherein
the update instruction module 41 is the means by which the comprehensive access management server sends an update instruction to the trusted service management platform; the instance creation module 42 creates an instance object in the embedded secure element; the PIN instruction module 43 is the means by which the trusted service management platform sends the install-PIN instruction; the PIN installation module 44 installs the PIN on the instance object; the file transmission module 45 is the means by which the trusted service management platform sends the certificate file to the embedded secure element; and the certificate installation module 46 is the means by which the embedded secure element installs the certificate file in the instance object.
When a request sent by the APP is received, the client application (CA) judges the request, that is, it judges whether the request was sent by a trusted APP and a legitimate client.
The CA judges the request by parsing the request file, extracting the device information and APP information it contains, and uploading this information to the security server for comparison; if the device information and APP information match, the request is considered to have been sent by a trusted APP and a legitimate client.
To further increase the security of the certificate, before the certificate file is sent the TSM encrypts the file to be sent with the ESE's public key; after the ESE receives the certificate file it decrypts it with the corresponding, previously agreed private key to obtain the plaintext certificate.
The old certificate deleter 23 is for deleting the old instance object and certificate file.
Specifically, as shown in Fig. 5, the old certificate deleter 23 includes:
a deletion instruction module 51, an instance deletion module 52, a detection instruction module 53, a result detection module 54 and an update display module 55; wherein
the deletion instruction module 51 is the means by which the trusted service management platform sends the instruction to delete the old instance object; the instance deletion module 52 is the means by which the embedded secure element deletes the old instance object; the detection instruction module 53 is the means by which the trusted service management platform sends the detection instruction; the result detection module 54 performs the detection and judges whether it succeeded; and the update display module 55 displays in the application memory that the update is complete.
Obviously, the TSM must manage certificates effectively in order to support the above digital certificate updating system and device. The specific method is as follows: first, the digital certificate is configured in a database; second, the database is checked to see whether the digital certificate needs to be updated, and if so processing continues, otherwise it exits; then the digital certificate in the database is updated manually (or automatically); finally the digital certificate is set to the not-to-be-updated state, which completes the TSM certificate maintenance process.
During a certificate update to the ESE, an application access security method is used to further guarantee the security of the ESE: specifically, only a designated application is allowed to access the ESE.
The designated application can be preinstalled on the user's mobile phone at the factory, or downloaded onto the phone through the CAMS or another secure channel after the user has passed security authentication.
After the ESE certificate update is completed, if the designated application was obtained by download, it is deleted from the phone to ensure that no information leaks.
The digital certificate updating device and system proposed by this application have been described above with reference to Figs. 1 to 5; the digital certificate updating method proposed by this application is introduced below with reference to Figs. 6 to 11.
The digital certificate updating method proposed by this application, as shown in Fig. 6, includes:
Step S1: verify the old certificate file and certificate signature;
wherein, as shown in Fig. 7, step S1 includes:
Step S101: the application memory 13 sends a certificate update request;
When the certificate is about to expire, the CAMS sends an update prompt to the APP. Specifically, the method of judging that the certificate is about to expire includes the following:
the host device, when it detects the mobile terminal and communicates with it for the first time, parses the set expiration time of the certificate from the certificate stored on the mobile terminal;
according to the expiration time parsed from the certificate stored on the mobile terminal, the host device saves, or updates, the certificate expiration time recorded on the host device;
while the certificate has not yet expired, the host device judges whether the remaining validity of the certificate has reached a preset pre-reminder time point, and if so, reminds the user in the manner associated with that pre-reminder time point that the certificate is about to expire.
Step S102: the comprehensive access management server receives the request and verifies the old certificate stored in the application memory 13; if verification succeeds, step S103 is performed, otherwise the method ends;
When a request sent by the APP is received, the client application (CA) judges the request, that is, it judges whether the request was sent by a trusted APP and a legitimate client.
The CA judges the request by parsing the request file, extracting the device information and APP information it contains, and uploading this information to the security server for comparison; if the device information and APP information match, the request is considered to have been sent by a trusted APP and a legitimate client.
Step S103: a signature verification request is sent to the secure element;
Step S104: the embedded secure element sends the signature file of the old certificate to the comprehensive access management server;
Step S105: the comprehensive access management server verifies the signature of the old certificate; if verification succeeds, step S2 is performed, otherwise the method ends.
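The expiry check described under step S101 (and again in the device description above) and the verification of steps S102 to S105 need the same machinery, a certificate issued by the CA and the key it certifies, so one added example covers both. It is not code from the patent: it uses Go's standard library to stand in for the CA center, the CAMS and the ESE, issues a short-lived "old" certificate, computes which pre-reminder threshold its remaining validity has reached, and then runs the S1 check, in which the ESE proves possession of the old certificate's private key by signing a CAMS challenge and the CAMS verifies both the certificate chain and that signature. The names issueCert, reminderLevel, verifyOldCertificate and the challenge-signature reading of "the signature file of the old certificate" are this example's assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issueCert stands in for the CA center: it mints an ECDSA P-256 certificate for subject,
// self-signed when parent is nil, otherwise signed with parentKey. Not the patent's code.
func issueCert(subject string, notAfter time.Time, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	signer := parentKey
	if parent == nil { // root: self-signed and allowed to sign other certificates
		parent, signer = tmpl, key
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// reminderLevel is the pre-reminder check. thresholds run from the longest to the shortest notice
// (e.g. 30d, 7d, 1d); the level is the 1-based index of the most urgent threshold the remaining
// validity has reached, 0 if none has been reached, and len(thresholds)+1 once the certificate expired.
func reminderLevel(cert *x509.Certificate, now time.Time, thresholds []time.Duration) (time.Duration, int) {
	remaining := cert.NotAfter.Sub(now)
	if remaining <= 0 {
		return remaining, len(thresholds) + 1
	}
	level := 0
	for i, t := range thresholds {
		if remaining <= t {
			level = i + 1
		}
	}
	return remaining, level
}

// ese holds the old certificate's private key, which never leaves the secure element.
type ese struct{ key *ecdsa.PrivateKey }

// SignChallenge is S104: the ESE signs the CAMS challenge with the old certificate's key, proving
// that the party requesting the update still controls the key the old certificate certifies.
func (e *ese) SignChallenge(challenge []byte) ([]byte, error) {
	d := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, e.key, d[:])
}

// verifyOldCertificate is S102 to S105 on the CAMS side: chain-verify the stored old certificate
// against the CA root (an expired certificate fails here), then check the ESE's signature over a
// fresh challenge against the public key carried in that certificate.
func verifyOldCertificate(oldCert, root *x509.Certificate, now time.Time, e *ese) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := oldCert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now}); err != nil {
		return fmt.Errorf("S102 old certificate rejected: %w", err)
	}
	challenge := make([]byte, 32)
	rand.Read(challenge)
	sig, err := e.SignChallenge(challenge) // S103 request, S104 answer
	if err != nil {
		return err
	}
	pub, ok := oldCert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("old certificate does not carry an ECDSA key")
	}
	d := sha256.Sum256(challenge)
	if !ecdsa.VerifyASN1(pub, d[:], sig) {
		return errors.New("S105 signature does not verify under the old certificate")
	}
	return nil
}

func main() {
	now := time.Now()
	root, rootKey, _ := issueCert("Demo CA", now.AddDate(10, 0, 0), nil, nil)
	oldCert, oldKey, _ := issueCert("user", now.AddDate(0, 0, 5), root, rootKey) // expires in 5 days
	thresholds := []time.Duration{30 * 24 * time.Hour, 7 * 24 * time.Hour, 24 * time.Hour}
	remaining, level := reminderLevel(oldCert, now, thresholds)
	fmt.Printf("remaining %v, reminder level %d\n", remaining.Round(time.Hour), level)
	fmt.Println("S1 result:", verifyOldCertificate(oldCert, root, now, &ese{key: oldKey}))
}
```

The chain verification and the challenge signature are deliberately separate checks: a stored certificate that chains to the CA but whose key the requester no longer holds, and a valid signature under a certificate the CA did not issue, are both rejected, which is what lets the CAMS refuse an update request that merely replays a copied certificate file.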
Step S2: install the new certificate file and perform the signing process;
as shown in Fig. 8, step S2 includes:
Step S201: the comprehensive access management server sends an update instruction to the trusted service management platform;
Step S202: an instance object is created in the embedded secure element;
Step S203: the trusted service management platform sends the install-PIN instruction;
Before step S203, in which the trusted service management platform sends the install-PIN instruction, the operations shown in Fig. 11 are also performed:
Step R201: the trusted service management platform sends an application identifier (AID) matching instruction;
Step R202: it is judged whether the ESE's AID matches; if so, step S203 is performed, otherwise the method ends.
The AID matching check shown in Fig. 11 greatly improves the security of use for the user.
Step S204: the embedded secure element installs the PIN on the instance object;
Step S205: the trusted service management platform sends the certificate file to the embedded secure element;
Before the certificate file is sent, the TSM encrypts the file to be sent with the ESE's public key; after the ESE receives the certificate file it decrypts it with the corresponding, previously agreed private key to obtain the plaintext certificate.
Step S206: the embedded secure element installs the certificate file in the instance object.
Specifically, before step S2, installing the new certificate file, the operations shown in Fig. 10 are also performed to increase the security of the user's operation:
Step R101: the trusted service management platform selects the shared secret data (SSD) and sends an external authentication instruction to the embedded secure element;
Step R102: the embedded secure element performs external authentication of the trusted service management platform.
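The external authentication of steps R101 and R102 and the AID matching of steps R201 and R202 are the two gates that must pass before the ESE accepts the instance, PIN and certificate commands of step S2. The following added example, which is neither the patent's code nor a GlobalPlatform implementation, models them with Go's standard library: the ESE issues a single-use challenge, the TSM answers with a MAC over it computed with the shared secret data, and only an authenticated session may select the applet by AID. HMAC-SHA256 stands in for the secure-channel MAC a real ESE would compute, and the names eseSession, tsmMAC and openSession, and the SSD and AID values, are constructed for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// eseSession models the part of the embedded secure element that gates TSM commands. The field
// names and the HMAC-SHA256 MAC are assumptions of this example; a real ESE runs the GlobalPlatform
// secure-channel handshake with its security-domain keys.
type eseSession struct {
	ssd       []byte // shared secret data provisioned in both the TSM and the ESE
	aid       []byte // AID of the certificate applet the TSM must address
	challenge []byte // outstanding challenge, single use
	authed    bool
}

// Challenge is issued to the TSM when R101 starts.
func (e *eseSession) Challenge() []byte {
	e.challenge = make([]byte, 16)
	rand.Read(e.challenge)
	return e.challenge
}

// ExternalAuthenticate is R102: the TSM must return a MAC over the challenge computed with the SSD.
// The challenge is consumed whether or not the MAC verifies, so a captured MAC cannot be replayed
// and a wrong guess forces a new challenge.
func (e *eseSession) ExternalAuthenticate(mac []byte) error {
	if e.challenge == nil {
		return errors.New("no outstanding challenge")
	}
	expected := tsmMAC(e.ssd, e.challenge)
	e.challenge = nil
	if !hmac.Equal(expected, mac) {
		e.authed = false
		return errors.New("R102 external authentication failed")
	}
	e.authed = true
	return nil
}

// MatchAID is R202: refused unless external authentication succeeded in this session.
func (e *eseSession) MatchAID(aid []byte) bool {
	return e.authed && hmac.Equal(e.aid, aid)
}

// tsmMAC is what the TSM computes over the ESE challenge with its copy of the SSD (R101).
func tsmMAC(ssd, challenge []byte) []byte {
	m := hmac.New(sha256.New, ssd)
	m.Write(challenge)
	return m.Sum(nil)
}

// openSession runs R101/R102 and then R201/R202 from the TSM side and reports whether the ESE
// will accept the instance, PIN and certificate commands of step S2.
func openSession(e *eseSession, tsmSSD, tsmAID []byte) error {
	if err := e.ExternalAuthenticate(tsmMAC(tsmSSD, e.Challenge())); err != nil {
		return err
	}
	if !e.MatchAID(tsmAID) {
		return errors.New("R202 AID mismatch: wrong applet selected")
	}
	return nil
}

func main() {
	ssd := []byte("constructed shared secret data, provisioned out of band") // assumption
	aid := []byte{0xF0, 0x01, 0x02, 0x03, 0x04, 0x05}                      // constructed proprietary AID
	fmt.Println("correct SSD:", openSession(&eseSession{ssd: ssd, aid: aid}, ssd, aid))
	fmt.Println("wrong SSD:  ", openSession(&eseSession{ssd: ssd, aid: aid}, []byte("guess"), aid))
	fmt.Println("wrong AID:  ", openSession(&eseSession{ssd: ssd, aid: aid}, ssd, []byte{0xF0, 0x99}))
}
```

Two properties carry the security of the gate: the challenge is random and single use, so a recorded R102 response is useless against a later session, and the AID check is only evaluated after the SSD has been proven, so an unauthenticated party learns nothing about which applet is present.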
Step S3: delete the old instance object and certificate file.
As shown in Fig. 9, step S3 includes:
Step S301: the trusted service management platform sends the instruction to delete the old instance object;
Step S302: the embedded secure element deletes the old instance object;
Step S303: the trusted service management platform sends a detection instruction;
Step S304: the embedded secure element performs the detection and judges whether it succeeded; if so, step S305 is performed, otherwise step S2 is performed again;
Step S305: the application memory 13 displays that the update is complete.
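Steps S205 and S206 together with S301 to S304, as an added example that is not the patent's code: the TSM seals the certificate file to the ESE public key, the ESE unwraps and installs it into the new instance, deletes the old instance and reports the detection result. The page says only that the file is encrypted with the ESE public key and decrypted with the private key; this example realizes that as RSA-OAEP wrapping of a fresh AES-256-GCM key, with the applet AID bound into both, so that a file sealed for a different applet or altered in transit is rejected before any instance is created. eseStore, sealCertificate, updateCertificate, the AID bytes and the certificate contents are assumptions made here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// instance is an applet instance object: the PIN installed in S204 and the certificate of S206.
type instance struct {
	pin  string
	cert []byte
}

// eseStore models the instance storage of the embedded secure element together with the key
// pair whose public half the TSM encrypts to. The names are assumptions of this example.
type eseStore struct {
	key       *rsa.PrivateKey
	aid       []byte // AID of the certificate applet (constructed value in main and tests)
	instances map[string]*instance
}

// sealedFile is the certificate file as S205 puts it on the wire: AES-256-GCM ciphertext plus
// the AES key wrapped with RSA-OAEP to the ESE public key. The page says only that the file is
// encrypted with the ESE public key; the hybrid construction is this example's choice. The AID
// is the OAEP label and the GCM additional data, so a file sealed for another applet does not open.
type sealedFile struct{ wrappedKey, nonce, ciphertext []byte }

func gcmFor(k []byte) cipher.AEAD { // k is always a fresh 32-byte key here
	block, _ := aes.NewCipher(k)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// sealCertificate is the TSM side of S205.
func sealCertificate(esePub *rsa.PublicKey, aid, cert []byte) (*sealedFile, error) {
	k, nonce := make([]byte, 32), make([]byte, 12)
	rand.Read(k)
	rand.Read(nonce)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, esePub, k, aid)
	if err != nil {
		return nil, err
	}
	return &sealedFile{wrapped, nonce, gcmFor(k).Seal(nil, nonce, cert, aid)}, nil
}

// Install is S202, S204 and S206 on the ESE: unwrap the key with the ESE private key, decrypt
// the file, and only then create the instance with its PIN and plaintext certificate.
func (e *eseStore) Install(name, pin string, f *sealedFile) error {
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, e.key, f.wrappedKey, e.aid)
	if err != nil {
		return errors.New("S206 key unwrap failed")
	}
	cert, err := gcmFor(k).Open(nil, f.nonce, f.ciphertext, e.aid)
	if err != nil {
		return errors.New("S206 certificate file does not decrypt for this applet")
	}
	e.instances[name] = &instance{pin: pin, cert: cert}
	return nil
}

// Delete is S302. Detect is S304: the new instance must carry PIN and certificate and the old
// instance must be gone.
func (e *eseStore) Delete(name string) { delete(e.instances, name) }

func (e *eseStore) Detect(newName, oldName string) bool {
	n, ok := e.instances[newName]
	_, oldPresent := e.instances[oldName]
	return ok && n.pin != "" && n.cert != nil && !oldPresent
}

// updateCertificate runs S2 and S3 for an already authenticated TSM session. On a failed
// detection the method returns to S2; here that decision is handed back to the caller as an error.
func updateCertificate(e *eseStore, esePub *rsa.PublicKey, oldName, newName, pin string, cert []byte) error {
	f, err := sealCertificate(esePub, e.aid, cert)
	if err != nil {
		return err
	}
	if err := e.Install(newName, pin, f); err != nil {
		return err
	}
	e.Delete(oldName)
	if !e.Detect(newName, oldName) {
		return errors.New("S304 detection failed: repeat S2")
	}
	return nil // S305: the APP may display that the update is complete
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	e := &eseStore{key: key, aid: []byte{0xF0, 0x01, 0x02, 0x03, 0x04, 0x05}, // constructed proprietary AID
		instances: map[string]*instance{"old": {pin: "1234", cert: []byte("old certificate")}}}
	err := updateCertificate(e, &key.PublicKey, "old", "new", "135790", []byte("constructed new certificate file"))
	fmt.Println("update:", err, "detect:", e.Detect("new", "old"))
}
```

The order inside Install matters: the old instance is only deleted after the new file has been unwrapped and authenticated, so a transport failure or a file sealed for the wrong applet leaves the ESE with its old, still usable certificate rather than with neither.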
Obviously, the TSM must manage certificates effectively in order to support the above digital certificate updating method. The specific method is as follows: first, the digital certificate is configured in a database; second, the database is checked to see whether the digital certificate needs to be updated, and if so processing continues, otherwise it exits; then the digital certificate in the database is updated manually (or automatically); finally the digital certificate is set to the not-to-be-updated state, which completes the TSM certificate maintenance process.
In the digital certificate updating device proposed by this application, during the certificate update in the ESE an application access security method is used to further guarantee the security of the ESE: specifically, only a designated application is allowed to access the ESE.
The designated application can be preinstalled on the user's mobile phone at the factory, or downloaded onto the phone through the CAMS or another secure channel after the user has passed security authentication.
After the ESE certificate update is completed, if the designated application was obtained by download, it is deleted from the phone to ensure that no information leaks.
The above is only a preferred embodiment of the present invention and does not limit the present invention in any form. Although the present invention has been disclosed above by way of preferred embodiments, it is not limited to them; any person skilled in the art may, without departing from the scope of the technical solution of the present invention, make minor changes or modifications to the disclosed technical content to obtain equivalent embodiments. Any simple modification, equivalent change or adaptation made to the above embodiments according to the technical essence of the present invention, without departing from the content of its technical solution, still falls within the scope of the technical solution of the present invention.
Claims (10)
1. A digital certificate updating method, characterized in that it comprises:
Step S1: verifying the old certificate file and the certificate signature;
Step S2: installing the new certificate file and executing the signature process;
Step S3: deleting the old instance object and certificate file.
2. The digital certificate updating method according to claim 1, characterized in that step S1, verifying the old certificate file and the certificate signature, comprises:
Step S101: the application memory sends a certificate update request;
Step S102: the integrated access management server receives the request and verifies the old certificate stored in the application memory; if verification succeeds, step S103 is executed, otherwise the method is terminated;
Step S103: an authentication signature request is sent to the embedded secure element;
Step S104: the embedded secure element sends the signature file of the old certificate to the integrated access management server;
Step S105: the integrated access management server verifies the signature of the old certificate; if verification succeeds, step S2 is executed, otherwise the method is terminated.
3. The digital certificate updating method according to claim 1, characterized in that step S2, installing the new certificate file, comprises:
Step S201: the integrated access management server sends an update command to the trusted service management platform;
Step S202: an instance object is created in the embedded secure element;
Step S203: the trusted service management platform sends a personal identification code (PIN) installation command;
Step S204: the embedded secure element installs the PIN on the instance object;
Step S205: the trusted service management platform sends the certificate file to the embedded secure element;
Step S206: the embedded secure element installs the certificate file in the instance object.
4. The digital certificate updating method according to claim 1, characterized in that step S3, deleting the old instance object and certificate file, comprises:
Step S301: the trusted service management platform sends an old-instance-object deletion command;
Step S302: the embedded secure element deletes the old instance object;
Step S303: the trusted service management platform sends a detection command;
Step S304: the embedded secure element performs the detection and judges from the result whether the detection succeeded; if it succeeded, step S305 is executed, otherwise step S2 is executed again;
Step S305: the application memory displays that the update is complete.
5. The digital certificate updating method according to any one of claims 1 to 4, characterized in that before step S2, installing the new certificate file, is executed, the following operations are also performed:
Step R101: the trusted service management platform selects shared secret data and sends an external authentication command to the embedded secure element;
Step R102: the embedded secure element performs external authentication of the trusted service management platform.
6. The digital certificate updating method according to any one of claims 1 to 4, characterized in that before step S203, the trusted service management platform sending the PIN installation command, is executed, the following operations are also performed:
Step R201: the trusted service management platform sends an application identity matching command;
Step R202: it is judged whether the eSE match succeeded; if so, step S203 is executed, otherwise the method is terminated.
7. A digital certificate updating device, characterized in that it comprises:
an old certificate verifier, for verifying the old certificate file and the certificate signature;
a new certificate installer, for installing the new certificate file and executing the signature process;
an old certificate deleter, for deleting the old instance object and certificate file.
8. The digital certificate updating device according to claim 7, characterized in that the old certificate verifier comprises:
an update request module, for the application memory to send a certificate update request;
an old certificate verification module, for the integrated access management server to receive the request and verify the old certificate stored in the application memory;
a signature request module, for sending an authentication signature request to the embedded secure element;
a data transmission module, for the embedded secure element to send the signature file of the old certificate to the integrated access management server;
a signature verification module, for the integrated access management server to verify the signature of the old certificate.
9. The digital certificate updating device according to claim 7, characterized in that the new certificate installer comprises:
an update command module, for the integrated access management server to send an update command to the trusted service management platform;
an instance creation module, for creating an instance object in the embedded secure element;
an identification command module, for the trusted service management platform to send a PIN installation command;
a PIN installation module, for installing the PIN on the instance object;
a file transmission module, for the trusted service management platform to send the certificate file to the embedded secure element;
a certificate installation module, for the embedded secure element to install the certificate file in the instance object.
10. The digital certificate updating device according to claim 7, characterized in that the old certificate deleter comprises:
a deletion command module, for the trusted service management platform to send an old-instance-object deletion command;
an instance deletion module, for the embedded secure element to delete the old instance object;
a detection command module, for the trusted service management platform to send a detection command;
a result detection module, for performing the detection on the result and judging whether it succeeded;
an update display module, for displaying in the application memory that the update is complete.
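The update flow of claims 1 to 6 (verify the old certificate and its signature, external authentication of the TSM, application identity match, install the new instance with its PIN and certificate, delete the old instance, then detect and fall back to step S2 on failure) as an added simulation; this is not code from the patent. Two simplifications are assumptions: the eSE's signature over the old certificate (S104/S105) is modelled as HMAC-SHA256 over a fresh challenge with a per-certificate secret standing in for a private-key signature, and the TSM external authentication (R101/R102) as HMAC-SHA256 over a challenge with the shared secret. Every class, function, identifier, key and record below is constructed for the example; the lost-write fault is injected only to exercise the S304 retry path.

```python
"""Simulation of the eSE certificate update flow of claims 1 to 6 (added example,
not the patent's code). Signatures and external authentication are modelled with
HMAC-SHA256 (assumption); all names, keys and records are constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass(frozen=True)
class Certificate:
    serial: str
    subject: str
    secret: bytes  # stand-in for the key pair bound to the certificate (assumption)

    def fingerprint(self) -> str:
        return hashlib.sha256(f"{self.serial}|{self.subject}".encode()).hexdigest()


class EmbeddedSecureElement:
    """Holds instance objects; each carries a PIN and a certificate file."""

    def __init__(self, shared_secret: bytes, app_id: str, drop_first_cert_write: bool = False):
        self.shared_secret = shared_secret   # used for external authentication (R101/R102)
        self.app_id = app_id                 # the designated application allowed to access the eSE
        self.instances: dict[str, dict] = {}
        self.tsm_authenticated = False
        self._drop_write = drop_first_cert_write  # constructed fault to exercise the S304 retry

    def _gate(self) -> None:
        if not self.tsm_authenticated:
            raise PermissionError("TSM has not passed external authentication")

    def external_authenticate(self, challenge: bytes, cryptogram: bytes) -> bool:  # R102
        self.tsm_authenticated = hmac.compare_digest(_mac(self.shared_secret, challenge), cryptogram)
        return self.tsm_authenticated

    def sign(self, iid: str, challenge: bytes) -> bytes:                           # S104
        return _mac(self.instances[iid]["cert"].secret, challenge)

    def create_instance(self, iid: str) -> None:                                   # S202
        self._gate()
        self.instances[iid] = {"pin": None, "cert": None}

    def install_pin(self, iid: str, pin: str) -> None:                             # S204
        self._gate()
        self.instances[iid]["pin"] = pin

    def install_certificate(self, iid: str, cert: Certificate) -> None:            # S206
        self._gate()
        if self._drop_write:               # simulated lost write; detection must catch it
            self._drop_write = False
            return
        self.instances[iid]["cert"] = cert

    def delete_instance(self, iid: str) -> None:                                   # S302
        self._gate()
        self.instances.pop(iid, None)

    def detect(self, old_iid: str, new_iid: str) -> bool:                          # S304
        new = self.instances.get(new_iid, {})
        return old_iid not in self.instances and new.get("pin") is not None and new.get("cert") is not None


def verify_old_certificate(ese, iams_record, reported_cert, old_iid) -> bool:
    """Step S1: the IAMS checks the certificate the application reports (S102), then
    the eSE's signature over a fresh challenge (S103 to S105)."""
    if reported_cert.fingerprint() != iams_record["fingerprint"]:
        return False
    challenge = os.urandom(16)
    return hmac.compare_digest(ese.sign(old_iid, challenge), _mac(iams_record["secret"], challenge))


def install_new_certificate(ese, tsm_app_id, new_iid, pin, new_cert) -> bool:
    """Step S2 (S201 to S206), preceded by the application identity match (R201/R202)."""
    if tsm_app_id != ese.app_id:
        return False
    ese.create_instance(new_iid)
    ese.install_pin(new_iid, pin)
    ese.install_certificate(new_iid, new_cert)
    return True


def update_certificate(ese, iams_record, reported_cert, old_iid, new_iid, pin, new_cert,
                       tsm_shared_secret, tsm_app_id, max_rounds=3):
    """Runs S1, R101/R102, then S2 and S3, repeating S2 while detection (S304) fails."""
    if not verify_old_certificate(ese, iams_record, reported_cert, old_iid):
        return ("aborted", "old certificate verification failed")
    challenge = os.urandom(16)                                                     # R101
    if not ese.external_authenticate(challenge, _mac(tsm_shared_secret, challenge)):
        return ("aborted", "external authentication failed")
    for rounds in range(1, max_rounds + 1):
        if not install_new_certificate(ese, tsm_app_id, new_iid, pin, new_cert):
            return ("aborted", "application identity mismatch")
        ese.delete_instance(old_iid)                                               # S301/S302
        if ese.detect(old_iid, new_iid):                                           # S303/S304
            return ("complete", rounds)                                            # S305
    return ("failed", "detection did not succeed")
```

The ordering matters for the security property the claims imply: the new instance is installed and the old one deleted only after the old certificate has been verified and the TSM has authenticated itself, every privileged eSE operation is gated on that authentication, and the detection step is what turns a silently lost certificate write into a repeat of step S2 rather than a device left with no usable certificate.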
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710618107.6A CN107171814A (en) | 2017-07-26 | 2017-07-26 | A kind of digital certificate updating method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710618107.6A CN107171814A (en) | 2017-07-26 | 2017-07-26 | A kind of digital certificate updating method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107171814A true CN107171814A (en) | 2017-09-15 |
Family
ID=59817441
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710618107.6A Pending CN107171814A (en) | 2017-07-26 | 2017-07-26 | A kind of digital certificate updating method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107171814A (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103117987A (en) * | 2011-11-17 | 2013-05-22 | 航天信息股份有限公司 | Digital certificate updating method |
Timeline: 2017-07-26, CN application CN201710618107.6A filed (patent/CN107171814A/en), status Pending.
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109922056A (en) * | 2019-02-26 | 2019-06-21 | 阿里巴巴集团控股有限公司 | Data safety processing method and its terminal, server |
US11251976B2 (en) | 2019-02-26 | 2022-02-15 | Advanced New Technologies Co., Ltd. | Data security processing method and terminal thereof, and server |
CN113259108A (en) * | 2020-02-10 | 2021-08-13 | 上海艾拉比智能科技有限公司 | Certificate updating method, Internet of things platform and Internet of things equipment |
WO2024055302A1 (en) * | 2022-09-16 | 2024-03-21 | Nokia Shanghai Bell Co., Ltd. | Method and apparatus for mitigating a risk of service un-availability during ca migaration |
Similar Documents
Publication | Title |
---|---|
CN107070667B (en) | Identity authentication method |
KR101759193B1 (en) | Network authentication method for secure electronic transactions |
CN101828357B (en) | Credential provisioning method and device |
RU2515809C2 (en) | Methods for facilitating secure self-initialisation of subscriber devices in communication system |
JP5601729B2 (en) | How to log into a mobile radio network |
CN107358441B (en) | Payment verification method and system, mobile device and security authentication device |
CN108768664A (en) | Key management method, device, system, storage medium and computer equipment |
TW201741922A (en) | Biological feature based safety certification method and device |
JP2019519827A (en) | Two-channel authentication agent system and method capable of detecting false alteration of application |
US10050791B2 (en) | Method for verifying the identity of a user of a communicating terminal and associated system |
US20180184290A1 (en) | Embedded Certificate Method for Strong Authentication and Ease of Use for Wireless IoT Systems |
CN102171971B (en) | Releasing a service on an electronic appliance |
US20110113241A1 (en) | Ic card, ic card system, and method thereof |
KR101210260B1 (en) | OTP certification device |
CN101300808A (en) | Method and arrangement for secure autentication |
JP2012530311A5 (en) | |
CN101841525A (en) | Secure access method, system and client |
CN110278084B (en) | eID establishing method, related device and system |
CN107171814A (en) | A kind of digital certificate updating method and device |
KR101792220B1 (en) | Method, mobile terminal, device and program for providing user authentication service of combining biometric authentication |
KR20180119178A (en) | Methods and apparatus for registration of fido and cerificates based on authentication chain |
JP5277888B2 (en) | Application issuing system, apparatus and method |
CN104869122A (en) | Gesture password identity authentication method based on electronic signature and system thereof |
JP2003298574A (en) | Electronic apparatus, authentication station, electronic apparatus authentication system, and electronic apparatus authentication method |
JP2005318269A (en) | Electronic certificate management system, method and server |
Legal Events
Code | Title |
---|---|
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
RJ01 | Rejection of invention patent application after publication |
Application publication date: 2017-09-15