CN107332667A - An inquiry system using a digital certificate - Google Patents


Info

Publication number: CN107332667A
Authority: CN (China)
Prior art keywords: digital certificate, client, module, MAC address, identity code
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201710537693.1A
Other languages: Chinese (zh)
Inventor: 田洪川
Current Assignee: Sichuan Masukuni Clouds Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Sichuan Masukuni Clouds Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Masukuni Clouds Technology Co Ltd
Priority to CN201710537693.1A
Publication of CN107332667A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The invention discloses an inquiry system using a digital certificate, comprising: a removable storage device on which a first digital certificate and a second digital certificate are pre-stored, a client, and a server. The first digital certificate includes a first public key; the second digital certificate includes a MAC address. The client includes: a read module for reading information from the removable storage device; and a first communication module for communicating with the server. The server includes: a second communication module for communicating with the client; a storage module for pre-storing an identity code; and an analysis module for generating a first identity code from the first public key in the first digital certificate that the second communication module retrieves through the client. With this inquiry system, because the MAC address of the device does not match the MAC address in the second digital certificate, the server denies access, so that a thief cannot retrieve the user's personal information, and the security of the user's personal information is protected.

Description

An inquiry system using a digital certificate
Technical field
The present invention relates to the field of encrypted communication, and in particular to an inquiry system using a digital certificate.
Background
A digital certificate is an authoritative electronic document. It can be a certificate issued by an authoritative, impartial third-party institution, i.e. a CA center (such as the CA companies in various parts of China), or it can be issued by an enterprise-level CA system. Encryption technology built around digital certificates (security techniques such as encrypted transmission, digital signatures and digital envelopes) can encrypt and decrypt, and digitally sign and verify, information transmitted over a network, ensuring the confidentiality and integrity of information transmitted online and the non-repudiation of transactions. With a digital certificate, even if the information you send is intercepted on the network by others, or even if you lose personal information such as your account and password, the security of your account and funds can still be ensured.
However, in existing digital certificate encryption technology, if the digital certificate is stolen, the thief can extract the user's personal information through the digital certificate, causing the user's personal information to leak and even causing the user financial loss.
Summary of the invention
The technical problem to be solved by the invention is that, in existing digital certificate encryption technology, if the digital certificate is stolen, the thief can extract the user's personal information through the digital certificate, causing the user's personal information to leak and even causing the user financial loss. The object of the invention is to provide an inquiry system using a digital certificate that solves this problem.
The present invention is achieved through the following technical solution:
An inquiry system using a digital certificate comprises: a removable storage device on which a first digital certificate and a second digital certificate are pre-stored, a client, and a server. The first digital certificate includes a first public key; the second digital certificate includes a MAC address.
The client includes: a read module for reading information from the removable storage device; and a first communication module for communicating with the server.
The server includes: a second communication module for communicating with the client; a storage module for pre-storing an identity code; an analysis module for generating a first identity code from the first public key in the first digital certificate that the second communication module retrieves through the client, the analysis module also being used to read the MAC address included in the second digital certificate; and a comparison module for comparing the MAC address included in the second digital certificate with the client's actual MAC address, the comparison module also being used to compare the pre-stored identity code with the first identity code.
The second communication module is also used to pass user identity verification when the first identity code matches the identity code pre-stored in the storage module; to pass device identity verification when the MAC address included in the second digital certificate matches the client's actual MAC address; and to refuse access by the first communication module when either user identity verification or device identity verification fails.
In the prior art, in digital certificate encryption technology, if the digital certificate is stolen, the thief can extract the user's personal information through the digital certificate, causing the user's personal information to leak and even causing the user financial loss. When the invention is applied, the read module reads information from the removable storage device, and the first communication module communicates with the server; the second communication module communicates with the client; the storage module pre-stores the identity code; the analysis module generates the first identity code from the first public key in the first digital certificate that the second communication module retrieves through the client, and also reads the MAC address included in the second digital certificate; the comparison module compares the MAC address included in the second digital certificate with the client's actual MAC address, and also compares the pre-stored identity code with the first identity code. The second communication module passes user identity verification when the first identity code matches the identity code pre-stored in the storage module, passes device identity verification when the MAC address included in the second digital certificate matches the client's actual MAC address, and refuses access by the first communication module when either user identity verification or device identity verification fails. The MAC address included in the second digital certificate is usually that of a trusted client. When the digital certificate is stolen and the thief uses another device to retrieve personal information from the server, the MAC address of that device does not match the MAC address in the second digital certificate, so the server denies access, the thief cannot retrieve the user's personal information, and the security of the user's personal information is protected.
Further, the second communication module is also used to send personal information to a client that has passed user identity verification and device identity verification.
Further, the first identity code is a 128-bit number.
Further, the first identity code is generated from the first public key using the RSA algorithm.
Further, the second digital certificate includes two or more MAC addresses.
When the invention is applied, the user can designate two or more trusted clients, which makes the client more convenient to use.
Compared with the prior art, the present invention has the following advantages and beneficial effects:
In the inquiry system using a digital certificate of the present invention, because the MAC address of the device does not match the MAC address in the second digital certificate, the server denies access, so that a thief cannot retrieve the user's personal information, and the security of the user's personal information is protected.
Brief description of the drawings
The accompanying drawing described here provides further understanding of the embodiments of the invention and forms part of this application; it does not limit the embodiments of the invention. In the drawing:
Fig. 1 is a schematic diagram of the system structure of the invention.
Detailed description
To make the object, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the embodiment and the accompanying drawing. The exemplary embodiment and its description serve only to explain the invention and do not limit it.
Embodiment
As shown in Fig. 1, an inquiry system using a digital certificate according to the invention comprises: a removable storage device on which a first digital certificate and a second digital certificate are pre-stored, a client, and a server. The first digital certificate includes a first public key; the second digital certificate includes a MAC address. The client includes: a read module for reading information from the removable storage device; and a first communication module for communicating with the server. The server includes: a second communication module for communicating with the client; a storage module for pre-storing an identity code; an analysis module for generating a first identity code from the first public key in the first digital certificate that the second communication module retrieves through the client, the analysis module also being used to read the MAC address included in the second digital certificate; and a comparison module for comparing the MAC address included in the second digital certificate with the client's actual MAC address, the comparison module also being used to compare the pre-stored identity code with the first identity code. The second communication module is also used to pass user identity verification when the first identity code matches the identity code pre-stored in the storage module; to pass device identity verification when the MAC address included in the second digital certificate matches the client's actual MAC address; and to refuse access by the first communication module when either user identity verification or device identity verification fails. The second communication module is also used to send personal information to a client that has passed user identity verification and device identity verification. The first identity code is a 128-bit number. The first identity code is generated from the first public key using the RSA algorithm. The second digital certificate includes two or more MAC addresses.
When this embodiment is implemented, the read module reads information from the removable storage device, and the first communication module communicates with the server; the second communication module communicates with the client; the storage module pre-stores the identity code; the analysis module generates the first identity code from the first public key in the first digital certificate that the second communication module retrieves through the client, and also reads the MAC address included in the second digital certificate; the comparison module compares the MAC address included in the second digital certificate with the client's actual MAC address, and also compares the pre-stored identity code with the first identity code. The second communication module passes user identity verification when the first identity code matches the identity code pre-stored in the storage module, passes device identity verification when the MAC address included in the second digital certificate matches the client's actual MAC address, and refuses access by the first communication module when either user identity verification or device identity verification fails. The MAC address included in the second digital certificate is usually that of a trusted client. When the digital certificate is stolen and the thief uses another device to retrieve personal information from the server, the MAC address of that device does not match the MAC address in the second digital certificate, so the server denies access, the thief cannot retrieve the user's personal information, and the security of the user's personal information is protected. The user can designate two or more trusted clients, which makes the client more convenient to use.
The embodiment above describes the object, technical solution and beneficial effects of the invention in further detail. It should be understood that the foregoing is only an embodiment of the invention and is not intended to limit its scope of protection; any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.
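The server-side decision described above (user identity verification plus device identity verification, with access refused if either fails), as an added example that is not part of the patent text. The certificate fields are passed as plain values; the identity-code derivation (a truncated SHA-256 digest), all names and all sample values are assumptions, and because the page does not say how the server learns the client's actual MAC address, it is a caller-supplied parameter here.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import Iterable


def identity_code(public_key: bytes) -> bytes:
    """Derive a 128-bit identity code from the first certificate's public key.

    Assumption: the page does not give the derivation, so a SHA-256 digest
    truncated to 16 bytes stands in for it here.
    """
    return hashlib.sha256(public_key).digest()[:16]


def normalize_mac(mac: str) -> str:
    """Reduce aa:bb:.., AA-BB-.. or aabb.ccdd.eeff to 12 lowercase hex digits."""
    digits = re.sub(r"[:.\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass(frozen=True)
class Decision:
    user_verified: bool    # first identity code matches the pre-stored code
    device_verified: bool  # client MAC is listed in the second certificate

    @property
    def granted(self) -> bool:
        # Access is refused when either verification fails.
        return self.user_verified and self.device_verified


def check_access(stored_code: bytes, first_cert_public_key: bytes,
                 second_cert_macs: Iterable[str], client_mac: str) -> Decision:
    """Comparison-module logic; both checks are always evaluated."""
    user_ok = hmac.compare_digest(identity_code(first_cert_public_key),
                                  stored_code)
    try:
        trusted = {normalize_mac(m) for m in second_cert_macs}
        device_ok = normalize_mac(client_mac) in trusted
    except ValueError:
        device_ok = False  # malformed input fails closed
    return Decision(user_ok, device_ok)


# Constructed sample data (hypothetical, not from the page).
PUBLIC_KEY = b"constructed public key bytes for user A"
OTHER_KEY = b"constructed public key bytes for user B"
ENROLLED_CODE = identity_code(PUBLIC_KEY)  # held by the storage module
TRUSTED_MACS = ["02-00-00-00-00-01", "0200.0000.0002"]  # two trusted clients


def demo() -> dict:
    """Run the four cases a deployment would need to distinguish."""
    return {
        "trusted client": check_access(
            ENROLLED_CODE, PUBLIC_KEY, TRUSTED_MACS, "02:00:00:00:00:01"),
        "certificates used from another device": check_access(
            ENROLLED_CODE, PUBLIC_KEY, TRUSTED_MACS, "02:00:00:00:00:99"),
        "unknown public key": check_access(
            ENROLLED_CODE, OTHER_KEY, TRUSTED_MACS, "02:00:00:00:00:02"),
        "malformed MAC": check_access(
            ENROLLED_CODE, PUBLIC_KEY, TRUSTED_MACS, "not-a-mac"),
    }


if __name__ == "__main__":
    for case, d in demo().items():
        print(f"{case}: user={d.user_verified} device={d.device_verified} "
              f"granted={d.granted}")
```

Normalizing both sides before comparison keeps a trusted client from being refused only because its MAC address was recorded in a different notation than the one it reports.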

Claims (5)

1. An inquiry system using a digital certificate, characterized in that it comprises: a removable storage device on which a first digital certificate and a second digital certificate are pre-stored, a client, and a server; the first digital certificate includes a first public key; the second digital certificate includes a MAC address; the client includes:
a read module for reading information from the removable storage device;
a first communication module for communicating with the server;
the server includes:
a second communication module for communicating with the client;
a storage module for pre-storing an identity code;
an analysis module for generating a first identity code from the first public key in the first digital certificate that the second communication module retrieves through the client; the analysis module is also used to read the MAC address included in the second digital certificate;
a comparison module for comparing the MAC address included in the second digital certificate with the client's actual MAC address; the comparison module is also used to compare the pre-stored identity code with the first identity code;
the second communication module is also used to pass user identity verification when the first identity code matches the identity code pre-stored in the storage module;
the second communication module is also used to pass device identity verification when the MAC address included in the second digital certificate matches the client's actual MAC address;
the second communication module is also used to refuse access by the first communication module when either user identity verification or device identity verification fails.
2. The inquiry system using a digital certificate according to claim 1, characterized in that the second communication module is also used to send personal information to a client that has passed user identity verification and device identity verification.
3. The inquiry system using a digital certificate according to claim 1, characterized in that the first identity code is a 128-bit number.
4. The inquiry system using a digital certificate according to claim 1, characterized in that the first identity code is generated from the first public key using the RSA algorithm.
5. The inquiry system using a digital certificate according to claim 1, characterized in that the second digital certificate includes two or more MAC addresses.
CN201710537693.1A 2017-07-04 2017-07-04 A kind of inquiry system of use digital certificate Pending CN107332667A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710537693.1A CN107332667A (en) 2017-07-04 2017-07-04 A kind of inquiry system of use digital certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710537693.1A CN107332667A (en) 2017-07-04 2017-07-04 A kind of inquiry system of use digital certificate

Publications (1)

Publication Number Publication Date
CN107332667A true CN107332667A (en) 2017-11-07

Family

ID=60197969

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710537693.1A Pending CN107332667A (en) 2017-07-04 2017-07-04 A kind of inquiry system of use digital certificate

Country Status (1)

Country Link
CN (1) CN107332667A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3899728A4 (en) * 2018-12-21 2022-08-24 Micron Technology, Inc. Memory device and managed memory system with wireless debug communication port and methods for operating the same

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101145903A (en) * 2007-10-24 2008-03-19 中兴通讯股份有限公司 User authentication method
CN102271042A (en) * 2011-08-25 2011-12-07 北京神州绿盟信息安全科技股份有限公司 Certificate authorization method, system, universal serial bus (USB) Key equipment and server
CN102711109A (en) * 2012-06-12 2012-10-03 中国电力科学研究院 Method for performing identity authentication on mobile terminal
CN103001970A (en) * 2012-12-20 2013-03-27 中国工商银行股份有限公司 Safety authentication method and safety authentication system
US20160112417A1 (en) * 2008-04-21 2016-04-21 Jonathan Attia Terminal for strong authentication of a user
CN106470201A (en) * 2015-08-21 2017-03-01 中兴通讯股份有限公司 A kind of user authen method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王蕾,桂学文: "《电子支付原理与应用》", 31 March 2016 *

Similar Documents

Publication Publication Date Title
CN108270571B (en) Internet of Things identity authorization system and its method based on block chain
CN103440444B (en) The signing method of electronic contract
CN108833114A (en) A kind of decentralization identity authorization system and method based on block chain
CN1689297B (en) Method of preventing unauthorized distribution and use of electronic keys using a key seed
RU2323530C2 (en) Method for registration and activation of pki functions
CN104662941A (en) Supporting the use of a secret key
CN109412812A (en) Data safe processing system, method, apparatus and storage medium
US8316437B2 (en) Method for protecting the access to an electronic object connected to a computer
CN104322003A (en) Cryptographic authentication and identification method using real-time encryption
CN106850638A (en) A kind of mobile unit access control method and system
CN103401686B (en) A kind of user's OTP WEB Authentication System and application process thereof
CN1645789A (en) Electronic e-mail system with intelligent card
CN106789977B (en) Method and system for realizing mobile phone token based on key segmentation
CN108667801A (en) A kind of Internet of Things access identity safety certifying method and system
CN105608775B (en) A kind of method of authentication, terminal, access card and SAM card
JPH10336172A (en) Managing method of public key for electronic authentication
CN109087102A (en) Transaction protection robot system based on block chain
CN105490814A (en) Ticket real name authentication method and system based on three-dimensional code
CN107342998A (en) The personal information extracting method realized by movable storage device
US10764260B2 (en) Distributed processing of a product on the basis of centrally encrypted stored data
CN101795194B (en) Method for protecting multi-digital certificate of intelligent card
CN107332667A (en) A kind of inquiry system of use digital certificate
US11463251B2 (en) Method for secure management of secrets in a hierarchical multi-tenant environment
CN107451647A (en) A kind of post special SIM card of built-in security mechanisms
CN105743883B (en) A kind of the identity attribute acquisition methods and device of network application

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171107