CN107171814A - A kind of digital certificate updating method and device - Google Patents

A kind of digital certificate updating method and device Download PDF

Info

Publication number
CN107171814A
CN107171814A CN201710618107.6A CN201710618107A CN107171814A CN 107171814 A CN107171814 A CN 107171814A CN 201710618107 A CN201710618107 A CN 201710618107A CN 107171814 A CN107171814 A CN 107171814A
Authority
CN
China
Prior art keywords
certificate
old
embedded
security element
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710618107.6A
Other languages
Chinese (zh)
Inventor
刘春桥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hengbao Co Ltd
Original Assignee
Hengbao Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hengbao Co Ltd filed Critical Hengbao Co Ltd
Priority to CN201710618107.6A priority Critical patent/CN107171814A/en
Publication of CN107171814A publication Critical patent/CN107171814A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The application provides a kind of digital certificate updating method and device, and methods described includes:Verify old certificate file and certificate signature;The new certificate file of installation and execution signature process;Delete old instance objects and certificate file.Digital certificate updating method and device that the application is proposed, the equipment of certificate update are become the safety element module of terminal inner, and the mode of certificate update is to interact processing by the safety element module of TSM platforms and terminal, greatly improves security.And by certificate update to terminal inner, rather than the separate hardware such as key devices, so that user just can complete corresponding operating without carrying hardware keys equipment, so as to facilitate user.

Description

A kind of digital certificate updating method and device
Technical field
The application is related to communication technical field, more particularly to a kind of digital certificate updating method and device.
Background technology
PKIX (Public Key Infrastructure, abbreviation PKI) is by using public key technique System information safety is ensured with digital certificate and is responsible for the key management platform of checking digital certificate holder's identity.The technology It is widely used in the fields such as Web bank, ecommerce, E-Government.One intactly PKI system be by certification authority (Certification Authority, abbreviation CA), KMC (KMC), registration body, directory service and safety The part such as authentication application software, certificate application service is constituted, and wherein certification authority occupy core status in PKI system.
CA centers are also known as digital certificate authentication center, as the third party of trust in e-commerce transaction, special solution Certainly in Public Key Infrastructure public key legal sex chromosome mosaicism.A digital certificate is provided in CA centers for each user using public-key cryptography, The effect of digital certificate is to confirm that the user's name listed in certificate is corresponding with the public-key cryptography listed in certificate.CA centers Digital signature prevents attacker from certificate of forging and juggle the figures.
Registration body (Registration Authority, abbreviation RA) center is the extension of CA functions, and it is responsible for certificate The work such as Data Enter, examination & verification and the certificate issued of applicant;Meanwhile, corresponding management function is completed to the certificate of granting. RA centers are the indispensable parts of whole CA centers normal operation.Provide certificate to concentrate or provide certificate on the net in CA centers For main pattern of issuing licence;In this case, user's registration, registration each business step such as audit, uniformly issued licence and must all abide by Follow unitized and standardize, these business can be realized by RA centers.
User security terminal is that user is used for the instrument in online electronic signature and digital authenticating, and user security terminal is usual Using built-in security chip, online data are carried out using 1024 or the close algorithm of 2048 asymmetric key algorithms or state Encryption, decryption and digital signature, it is ensured that confidentiality, authenticity, integrality and the non-repudiation of online transaction.User security is whole End stores the private key and digital certificate of user, realizes the certification to user identity using the public key algorithm built in it, simultaneously The private key that also ensure that user certificate by built-in safety chip can not be replicated or export.Such as Web bank user, USB-KEY, SD-KEY used in the user of e-commerce website or mobile terminal are exactly conventional security terminal.
The renewal process of current certificate is required for hardware device to participate in every time, and carries out data interaction with desktop computer, very not User-friendly operation, and for secure context, current certificates renewal process, after the requirements of process of certificate data has Platform, PC or mobile phone, three aspects of security terminal hardware are participated in, if in terms of reducing by a participation, also can further increase Plus the security of certificate update.
The content of the invention
In order to solve the above problems, the application provides a kind of digital certificate updating method and device.The application proposes a kind of Digital certificate updating method, including:
Step S1:Verify old certificate file and certificate signature;
Step S2:The new certificate file of installation and execution signature process;
Step S3:Delete old instance objects and certificate file.
It is preferred that, the step S1, the old certificate file of checking and certificate signature, including:
Step S101:Application memory sends certificate update request;
Step S102:Integrated access management server receives the old card stored in request, checking application memory Book, step S103 is performed if being proved to be successful, otherwise terminates this method;
Step S103:Authentication signature request is sent to safety element;
Step S104:The signature file of old certificate is sent to integrated access management server by embedded-type security element;
Step S105:Integrated access management server verifies the signature of old certificate, is proved to be successful then execution step S2, otherwise Terminate this method.
It is preferred that, the new certificate file of the step S2, installation, including:
Step S201:Integrated access management server sends more new command to trusted service management platform;
Step S202:Instance objects are created in embedded-type security element;
Step S203:Trusted service management platform sends the personal recognition code instruction of installation;
Step S204:Embedded-type security element carries out the installation of personal recognition code to instance objects;
Step S205:Trusted service management platform sends certificate file to embedded-type security element;
Step S206:Embedded-type security element installs certificate file in instance objects.
It is preferred that, the step S3, the old instance objects of deletion and certificate file, including:
Step S301:Trusted service management platform sends old instance objects and deletes instruction;
Step S302:Embedded-type security element is deleted old instance objects;
Step S303:Trusted service management platform sends detection instruction;
Step S304:Embedded-type security element detects that judgement detects whether success to result, and step is performed if success Rapid S305, otherwise performs step S2;
Step S305:Update and complete in application memory display.
It is furthermore preferred that before performing step S2, installing new certificate file, also performing following operation:
Step R101:Trusted service management platform selects shared secret data to send external authentication to embedded-type security element Instruction;
Step R102:Embedded-type security element carries out external authentication to trusted service management platform.
It is preferred that, before execution step S203, trusted service management platform send the personal recognition code instruction of installation, also Perform following operation:
Step R201:Trusted service management platform sends application identities matching instruction;
Step R202:Judge whether ESE matchings succeed, step S203 is performed if success, otherwise terminates this method.
The application also proposes a kind of updating digital certificate system, including:
Integrated access management server, trusted service management platform, application memory, user's application memory, by Believe application memory and embedded-type security element;
Wherein, the integrated access management server is connected with the trusted service management platform, the trusted service pipe Platform is connected with the application memory, and the trusted service management platform is connected with the embedded-type security element, The embedded-type security element is connected with the application memory.
The application more proposes a kind of updating digital certificate device, including:
Old certificate validator, for verifying old certificate file and certificate signature;
New authentication erector, new certificate file and execution signature process for installing;
Old certificate canceller, for deleting old instance objects and certificate file.
It is preferred that, the old certificate validator includes:
Request module is updated, certificate update request is sent for application memory;
Old certification authentication module, is received in request, checking application memory for integrated access management server The old certificate of storage;
Signature request module, embedded-type security element is given for sending authentication signature request;
The signature file of old certificate, integrated access management clothes are sent to for embedded-type security element by data transmission module Business device;
Signature verification module, the signature of old certificate is verified for integrated access management server.
It is preferred that, the new authentication erector includes:
Instruction module is updated, more new command is sent to trusted service management platform for integrated access management server;
Example creation module, for creating instance objects in embedded-type security element;
Instruction module is recognized, the personal recognition code instruction of installation is sent for trusted service management platform;
Personal recognition code installs module, is installed for instance objects to be carried out with personal recognition code;
Document transmission module, certificate file is sent for trusted service management platform to embedded-type security element;
Certificate installs module, and certificate file is installed in instance objects for embedded-type security element.
It is preferred that, the old certificate canceller includes:
Instruction module is deleted, sending old instance objects for trusted service management platform deletes instruction;
Old instance objects are deleted by example removing module for embedded-type security element;
Instruction module is detected, detection instruction is sent for trusted service management platform;
As a result detection module, for being detected to result, and judges whether success;
Display module is updated, is completed for showing to update in application memory.
A kind of digital certificate updating method and device that the invention described above is proposed, obtain following technique effect:
1st, the SE inside the digital certificate updating method and device that the application is proposed, using terminal (Securityelement, safety element) module is as certificate update equipment, and the mode of certificate update is by TSM The SE modules of (Trusted Service Manager, trusted service management) platform and terminal interact processing, so that greatly Raising certificate update security.
2nd, the application propose digital certificate updating method and device, using terminal carry out certificate update so that user without Independent hardware device, which need to be carried, just can complete certificate update operation.
Brief description of the drawings
, below will be to embodiment or existing in order to illustrate more clearly of the embodiment of the present application or technical scheme of the prior art There is the accompanying drawing used required in technology description to be briefly described, it should be apparent that, drawings in the following description are only this Some embodiments described in application, for those of ordinary skill in the art, can also obtain other according to these accompanying drawings Accompanying drawing.
Fig. 1 is the structural representation of the application updating digital certificate system;
Fig. 2 is the structural representation of the application updating digital certificate device;
Fig. 3 is the structural representation of the old certificate validator of the application;
Fig. 4 is the structural representation of the application new authentication erector;
Fig. 5 is the structural representation of the old certificate canceller of the application;
Fig. 6 is the schematic flow sheet of the application digital certificate updating method;
Fig. 7 is that the application verifies old certificate file and the method flow diagram of certificate signature;
Fig. 8 is the new certificate file of the application installation and the method flow diagram for performing signature process;
Fig. 9 is the method flow diagram that the application deletes old instance objects and certificate file;
Figure 10 is the method flow diagram of the application external authentication;
Figure 11 is the method flow diagram of the application AID matchings.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Site preparation is described.
The application proposes a kind of updating digital certificate system, as shown in figure 1, including:
Integrated access management server 11 (Comprehensive Access Management Server, i.e. CAMS), Trusted service management platform 12 (Trusted Service Manager, i.e. TSM), application program (Application, i.e. APP) Memory 13, user's application (Client Application, i.e. CA) memory 14, trusted applications (Trusted Application, i.e. TA) memory 15 and embedded-type security element 16 (Embedded Secure Element, i.e. ESE);
Wherein, integrated access management server 11 is connected with trusted service management platform 12, trusted service management platform 12 Be connected with application program 13, trusted service management platform 12 is connected with embedded-type security element 16, embedded-type security element 16 with APP memories 13 are connected, and CA memories 14, TA memories 15 are connected with embedded-type security element 16 respectively, and are connected to each other.
Above-mentioned updating digital certificate system, wherein when being updated by TSM to ESE, having used a kind of numeral card Book updating device, as shown in Fig. 2 including:
Old certificate validator 21, new authentication erector 22 and old certificate canceller 23;
Wherein, old certificate validator 21, for verifying old certificate file and certificate signature;
Wherein, as shown in figure 3, old certificate validator 21 includes:
Request module 31, old certification authentication module 32, signature request module 33, data transmission module 34 and signature is updated to test Demonstrate,prove module 35;Wherein,
Request module 31 is updated, certificate update request is sent for application memory;Old certification authentication module 32, is used The old certificate stored in request, checking application memory is received in integrated access management server;Signature request module 33, give embedded-type security element for sending authentication signature request;Data transmission module 34, for embedded-type security element old The signature file of certificate is sent to integrated access management server;Signature verification module 35, for integrated access management server Verify the signature of old certificate.
When certificate is near the phase, allows CAMS to be sent to APP and update prompt message, specifically,
Judge that the fast overdue method of certificate includes following any:
Main equipment is preserved when detecting the mobile phone terminal and the main equipment is communicated first from the mobile phone terminal Certificate in parse the setting expiration time of the certificate;
According to the setting expiration time that the certificate is parsed in the certificate preserved from the mobile phone terminal, preserve or more The pre-recorded certificate expiration time on the new main equipment;
The main equipment judges whether the remaining effective time of certificate meets and preset in the case of certificate is undue Pre- reminder time point, if it is satisfied, then reminding the user certificate to be according to the corresponding alerting pattern of pre- reminder time point of satisfaction It will expire.
New authentication erector 22, new certificate file and execution signature process for installing;
New authentication erector 22 as shown in figure 4, including:
Update instruction module 41, example creation module 42, identification instruction module 43, personal recognition code (Personal Identification Number, i.e. PIN code) module 44, document transmission module 45 and certificate installation module 46 are installed;Wherein,
Instruction module 41 is updated, more new command is sent to trusted service management platform for integrated access management server; Example creation module 42, for creating instance objects in embedded-type security element;Instruction module 43 is recognized, for trusted service Management platform sends the personal recognition code instruction of installation;Personal recognition code installs module 44, individual for being carried out to instance objects People's recognition code is installed;Document transmission module 45, certificate text is sent for trusted service management platform to embedded-type security element Part;Certificate installs module 46, and certificate file is installed in instance objects for embedded-type security element.
When receiving the request of APP transmissions, CA is judged request, judge to ask whether APP from trusted and conjunction What the client of method was sent.
Wherein, it is, by analysis request file, to obtain facility information therein and APP information that CA carries out judgement to request, This information is uploaded into security server to be compared, if identical facility information and APP information, then it is assumed that be from trusted What APP and legal client were sent.
And in order to further increase the security of certificate, before certificate file is sent, TSM is used the file to be sent ESE public keys are encrypted, after ESE receives certificate file, and plaintext certificate is obtained with realizing that the private key consulted is decrypted.
Old certificate canceller 23, for deleting old instance objects and certificate file.
Specifically, as shown in figure 5, old certificate canceller 23 includes:
Delete instruction module 51, example removing module 52, detection instruction module 53, result detection module 53 and update display Module 54;Wherein,
Instruction module 51 is deleted, sending old instance objects for trusted service management platform deletes instruction;Example deletes mould Old instance objects are deleted by block 52 for embedded-type security element;Instruction module 53 is detected, it is flat for trusted service management Platform sends detection instruction;As a result detection module 54, for being detected to result, and judge whether success;Update display module 55, completed for showing to update in application memory.Obviously, need to carry out certificate effective management, ability in TSM Above-mentioned updating digital certificate system and device are supported, specific method is as follows:
Digital certificate is configured in database first;Secondly check that whether digital certificate needs to update in database, is Then continue, otherwise exit;Then digital certificate in database is carried out artificially to update (or automatically updating);Finally by digital certificate Non-update state is set to, TSM credentialing process is safeguarded in completion.
In to ESE during certificate update, in order to further ensure ESE security, accessed using one kind application Safety method, specifically, sets the application only specified to access ESE;
The application specified is carried when can specifically being dispatched from the factory by user mobile phone, or user through safety certification it Afterwards, it is downloaded to by CAMS or other secure ways on mobile phone;
After ESE certificate update is completed, if specifying application to be obtained for downloading mode, it is deleted from mobile phone, with Ensure that information is not divulged a secret.
The updating digital certificate apparatus and system of the application proposition is described according to Fig. 1-5 above, below according to Fig. 6-11 Introduce the digital certificate updating method of the application proposition
The digital certificate updating method that the application is proposed, as shown in fig. 6, including:
Step S1:Verify old certificate file and certificate signature;
Wherein, as shown in fig. 7, above-mentioned steps S1 includes:
Step S101:Application memory 13 sends certificate update request;
When certificate is near the phase, allows CAMS to be sent to APP and update prompt message, specifically,
Judge that the fast overdue method of certificate includes following any:
Main equipment is preserved when detecting the mobile phone terminal and the main equipment is communicated first from the mobile phone terminal Certificate in parse the setting expiration time of the certificate;
According to the setting expiration time that the certificate is parsed in the certificate preserved from the mobile phone terminal, preserve or more The pre-recorded certificate expiration time on the new main equipment;
The main equipment judges whether the remaining effective time of certificate meets and preset in the case of certificate is undue Pre- reminder time point, if it is satisfied, then reminding the user certificate to be according to the corresponding alerting pattern of pre- reminder time point of satisfaction It will expire.
Step S102:Integrated access management server receives request, and what is stored in checking application memory 13 is old Certificate, step S103 is performed if being proved to be successful, otherwise terminates this method;
When receiving the request of APP transmissions, CA is judged request, judge to ask whether APP from trusted and conjunction What the client of method was sent.
Wherein, it is, by analysis request file, to obtain facility information therein and APP information that CA carries out judgement to request, This information is uploaded into security server to be compared, if identical facility information and APP information, then it is assumed that be from trusted What APP and legal client were sent.
Step S103:Authentication signature request is sent to safety element;
Step S104:The signature file of old certificate is sent to integrated access management server by embedded-type security element;
Step S105:Integrated access management server verifies the signature of old certificate, is proved to be successful then execution step S2, otherwise Terminate this method.
Step S2:The new certificate file of installation and execution signature process;
Above-mentioned steps S2 as shown in figure 8, including:
Step S201:Integrated access management server sends more new command to trusted service management platform;
Step S202:Instance objects are created in embedded-type security element;
Step S203:Trusted service management platform sends the personal recognition code instruction of installation;
Before execution step S203, trusted service management platform send the personal recognition code instruction of installation, also perform such as Operated shown in Figure 11:
Step R201:Trusted service management platform sends application identities (application identifier, i.e. AID) With instruction;
Step R202:Judge whether ESE matchings succeed, step S203 is performed if success, otherwise terminates this method.
Verification method is matched by AID as shown in figure 11, the security that user uses can be greatly improved.
Step S204:Embedded-type security element carries out the installation of personal recognition code to instance objects;
Step S205:Trusted service management platform sends certificate file to embedded-type security element;
Before certificate file is sent, the file to be sent is encrypted TSM with ESE public keys, and certificate text is received in ESE After part, plaintext certificate is obtained with realizing that the private key consulted is decrypted.
Step S206:Embedded-type security element installs certificate file in instance objects.
Specifically, before performing step S2, installing new certificate file, also by performing step as shown in Figure 10 Operate to increase the security of user's operation:
Step R101:Trusted service management platform selection shared secret data (Shared Secret Data, i.e. SSD) are right Embedded-type security element sends external authentication instruction;
Step R102:Embedded-type security element carries out external authentication to trusted service management platform.
Step S3:Delete old instance objects and certificate file.
Wherein, step S3 as shown in figure 9, including:
Step S301:Trusted service management platform sends old instance objects and deletes instruction;
Step S302:Embedded-type security element is deleted old instance objects;
Step S303:Trusted service management platform sends detection instruction;
Step S304:Embedded-type security element detects that judgement detects whether success to result, and step is performed if success Rapid S305, otherwise performs step S2;
Step S305:Show that renewal is completed in application memory 13.
Obviously, need to carry out certificate effective management in TSM, above-mentioned digital certificate updating method could be supported, specifically Method is as follows:
Digital certificate is configured in database first;Secondly check that whether digital certificate needs to update in database, is Then continue, otherwise exit;Then digital certificate in database is carried out artificially to update (or automatically updating);Finally by digital certificate Non-update state is set to, TSM credentialing process is safeguarded in completion.
In the updating digital certificate device that the application is proposed, when the process of certificate update in ESE, in order to further ESE security is ensured, access safety method is applied using one kind, specifically, sets the application only specified to access ESE;
The application specified is carried when can specifically being dispatched from the factory by user mobile phone, or user through safety certification it Afterwards, it is downloaded to by CAMS or other secure ways on mobile phone;
After ESE certificate update is completed, if specifying application to be obtained for downloading mode, it is deleted from mobile phone, with Ensure that information is not divulged a secret.
It is described above, only it is presently preferred embodiments of the present invention, any formal limitation not is made to the present invention, although this Invention is disclosed above with preferred embodiment, but is not limited to the present invention, any those skilled in the art, Do not depart from the range of technical solution of the present invention, when the technology contents using the disclosure above make a little change or are modified to equivalent The equivalent embodiment of change, as long as being the content without departing from technical solution of the present invention, the technical spirit according to the present invention is to the above Any simple modification, equivalent variations and modification that embodiment is made, in the range of still falling within technical solution of the present invention.

Claims (10)

1. a kind of digital certificate updating method, it is characterised in that including:
Step S1:Verify old certificate file and certificate signature;
Step S2:The new certificate file of installation and execution signature process;
Step S3:Delete old instance objects and certificate file.
2. digital certificate updating method as claimed in claim 1, it is characterised in that the step S1, the old certificate file of checking And certificate signature, including:
Step S101:Application memory sends certificate update request;
Step S102:Integrated access management server receives the old certificate stored in request, checking application memory, if Then execution step S103 is proved to be successful, otherwise terminates this method;
Step S103:Send authentication signature request and give embedded-type security element;
Step S104:The signature file of old certificate is sent to integrated access management server by embedded-type security element;
Step S105:Integrated access management server verifies the signature of old certificate, is proved to be successful then execution step S2, otherwise terminates This method.
3. digital certificate updating method as claimed in claim 1, it is characterised in that the new certificate text of the step S2, installation Part, including:
Step S201:Integrated access management server sends more new command to trusted service management platform;
Step S202:Instance objects are created in embedded-type security element;
Step S203:Trusted service management platform sends the personal recognition code instruction of installation;
Step S204:Embedded-type security element carries out the installation of personal recognition code to instance objects;
Step S205:Trusted service management platform sends certificate file to embedded-type security element;
Step S206:Embedded-type security element installs certificate file in instance objects.
4. digital certificate updating method as claimed in claim 1, it is characterised in that the step S3, the old instance objects of deletion And certificate file, including:
Step S301:Trusted service management platform sends old instance objects and deletes instruction;
Step S302:Embedded-type security element is deleted old instance objects;
Step S303:Trusted service management platform sends detection instruction;
Step S304:Embedded-type security element detects that judgement detects whether success to result, and step is performed if success S305, otherwise performs step S2;
Step S305:Update and complete in application memory display.
5. the digital certificate updating method as described in claim 1-4 is any, it is characterised in that performing step S2, installing new Certificate file before, also perform following operation:
Step R101:Trusted service management platform selects shared secret data to refer to the transmission external authentication of embedded-type security element Order;
Step R102:Embedded-type security element carries out external authentication to trusted service management platform.
6. the digital certificate updating method as described in claim 1-4 is any, it is characterised in that performing step S203, credible Service management platform is sent before the personal recognition code instruction of installation, also performs following operation:
Step R201:Trusted service management platform sends application identities matching instruction;
Step R202:Judge whether ESE matchings succeed, step S203 is performed if success, otherwise terminates this method.
7. a kind of updating digital certificate device, it is characterised in that including:
Old certificate validator, for verifying old certificate file and certificate signature;
New authentication erector, new certificate file and execution signature process for installing;
Old certificate canceller, for deleting old instance objects and certificate file.
8. updating digital certificate device as claimed in claim 7, it is characterised in that the old certificate validator includes:
Request module is updated, certificate update request is sent for application memory;
Old certification authentication module, receives for integrated access management server and is stored in request, checking application memory Old certificate;
Signature request module, embedded-type security element is given for sending authentication signature request;
The signature file of old certificate, integrated access management service is sent to for embedded-type security element by data transmission module Device;
Signature verification module, the signature of old certificate is verified for integrated access management server.
9. updating digital certificate device as claimed in claim 7, it is characterised in that the new authentication erector includes:
Instruction module is updated, more new command is sent to trusted service management platform for integrated access management server;
Example creation module, for creating instance objects in embedded-type security element;
Instruction module is recognized, the personal recognition code instruction of installation is sent for trusted service management platform;
Personal recognition code installs module, is installed for instance objects to be carried out with personal recognition code;
Document transmission module, certificate file is sent for trusted service management platform to embedded-type security element;
Certificate installs module, and certificate file is installed in instance objects for embedded-type security element.
10. updating digital certificate device as claimed in claim 7, it is characterised in that the old certificate canceller includes:
Instruction module is deleted, sending old instance objects for trusted service management platform deletes instruction;
Old instance objects are deleted by example removing module for embedded-type security element;
Instruction module is detected, detection instruction is sent for trusted service management platform;
As a result detection module, for being detected to result, and judges whether success;
Display module is updated, is completed for showing to update in application memory.
CN201710618107.6A 2017-07-26 2017-07-26 A kind of digital certificate updating method and device Pending CN107171814A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710618107.6A CN107171814A (en) 2017-07-26 2017-07-26 A kind of digital certificate updating method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710618107.6A CN107171814A (en) 2017-07-26 2017-07-26 A kind of digital certificate updating method and device

Publications (1)

Publication Number Publication Date
CN107171814A true CN107171814A (en) 2017-09-15

Family

ID=59817441

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710618107.6A Pending CN107171814A (en) 2017-07-26 2017-07-26 A kind of digital certificate updating method and device

Country Status (1)

Country Link
CN (1) CN107171814A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109922056A (en) * 2019-02-26 2019-06-21 阿里巴巴集团控股有限公司 Data safety processing method and its terminal, server
CN113259108A (en) * 2020-02-10 2021-08-13 上海艾拉比智能科技有限公司 Certificate updating method, Internet of things platform and Internet of things equipment
WO2024055302A1 (en) * 2022-09-16 2024-03-21 Nokia Shanghai Bell Co., Ltd. Method and apparatus for mitigating a risk of service un-availability during ca migaration

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103117987A (en) * 2011-11-17 2013-05-22 航天信息股份有限公司 Digital certificate updating method

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103117987A (en) * 2011-11-17 2013-05-22 航天信息股份有限公司 Digital certificate updating method

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109922056A (en) * 2019-02-26 2019-06-21 阿里巴巴集团控股有限公司 Data safety processing method and its terminal, server
US11251976B2 (en) 2019-02-26 2022-02-15 Advanced New Technologies Co., Ltd. Data security processing method and terminal thereof, and server
CN113259108A (en) * 2020-02-10 2021-08-13 上海艾拉比智能科技有限公司 Certificate updating method, Internet of things platform and Internet of things equipment
WO2024055302A1 (en) * 2022-09-16 2024-03-21 Nokia Shanghai Bell Co., Ltd. Method and apparatus for mitigating a risk of service un-availability during ca migaration

Similar Documents

Publication Publication Date Title
CN107070667B (en) Identity authentication method
KR101759193B1 (en) Network authentication method for secure electronic transactions
CN101828357B (en) Credential provisioning method and device
RU2515809C2 (en) Methods for facilitating secure self-initialisation of subscriber devices in communication system
JP5601729B2 (en) How to log into a mobile radio network
CN107358441B (en) Payment verification method and system, mobile device and security authentication device
CN108768664A (en) Key management method, device, system, storage medium and computer equipment
TW201741922A (en) Biological feature based safety certification method and device
JP2019519827A (en) Two-channel authentication agent system and method capable of detecting false alteration of application
US10050791B2 (en) Method for verifying the identity of a user of a communicating terminal and associated system
US20180184290A1 (en) Embedded Certificate Method for Strong Authentication and Ease of Use for Wireless IoT Systems
CN102171971B (en) Releasing a service on an electronic appliance
US20110113241A1 (en) Ic card, ic card system, and method thereof
KR101210260B1 (en) OTP certification device
CN101300808A (en) Method and arrangement for secure autentication
JP2012530311A5 (en)
CN101841525A (en) Secure access method, system and client
CN110278084B (en) eID establishing method, related device and system
CN107171814A (en) A kind of digital certificate updating method and device
KR101792220B1 (en) Method, mobile terminal, device and program for providing user authentication service of combining biometric authentication
KR20180119178A (en) Methods and apparatus for registration of fido and cerificates based on authentication chain
JP5277888B2 (en) Application issuing system, apparatus and method
CN104869122A (en) Gesture password identity authentication method based on electronic signature and system thereof
JP2003298574A (en) Electronic apparatus, authentication station, electronic apparatus authentication system, and electronic apparatus authentication method
JP2005318269A (en) Electronic certificate management system, method and server

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170915