CN107332667A - A kind of inquiry system of use digital certificate - Google Patents
- Publication number: CN107332667A (application CN201710537693.1A)
- Authority: CN (China)
- Prior art keywords: digital certificate, client, module, MAC address, identity code
- Legal status: Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Abstract
The invention discloses a query system that uses digital certificates. It comprises a removable storage device on which a first digital certificate and a second digital certificate are pre-stored, a client, and a server. The first digital certificate contains a first public key; the second digital certificate contains a MAC address. The client comprises a reading module for reading the information on the removable storage device and a first communication module for communicating with the server. The server comprises a second communication module for communicating with the client, a storage module holding a pre-stored identity code, and an analysis module that generates a first identity code from the first public key in the first digital certificate that the second communication module receives from the client. In the query system of the invention, because the MAC address of a thief's device does not match the MAC address in the second digital certificate, the server refuses access, so the thief cannot retrieve the user's personal information and the safety of the user's personal information is protected.
Description
Technical field
The present invention relates to the field of encrypted communication, and in particular to a query system that uses digital certificates.
Background technology
A digital certificate is an authoritative electronic document. It may be issued by an authoritative and impartial third party, a certificate authority (CA), such as the CA centers operated in various places in China, or it may be issued by an enterprise-level CA system. Encryption technology built around digital certificates (secure techniques such as encrypted transmission, digital signatures and digital envelopes) can encrypt and decrypt information transmitted over a network and can sign it and verify the signatures, ensuring the confidentiality, integrity and non-repudiation of information transmitted online. With a digital certificate, even if the information you send is intercepted on the network, or even if you lose personal information such as your account number and password, the security of your account and funds can still be ensured.
In existing digital-certificate encryption technology, however, if the digital certificate is stolen, the thief can use it to extract the user's personal information, causing the user's personal information to leak and even causing the user to suffer economic loss.
Summary of the invention
The technical problem to be solved by the invention is that, in existing digital-certificate encryption technology, if the digital certificate is stolen, the thief can extract the user's personal information through it, causing the user's personal information to leak and even causing the user to suffer economic loss. The purpose of the invention is to provide a query system that uses digital certificates and solves the above problems.
The invention is achieved through the following technical solution:
A query system that uses digital certificates comprises: a removable storage device on which a first digital certificate and a second digital certificate are pre-stored, a client, and a server. The first digital certificate contains a first public key; the second digital certificate contains a MAC address. The client comprises a reading module for reading the information on the removable storage device and a first communication module for communicating with the server. The server comprises: a second communication module for communicating with the client; a storage module holding a pre-stored identity code; an analysis module that generates a first identity code from the first public key in the first digital certificate that the second communication module receives from the client, and that also reads the MAC address contained in the second digital certificate; and a comparison module that compares the MAC address contained in the second digital certificate with the client's actual MAC address, and also compares the pre-stored identity code with the first identity code. The second communication module passes user identity verification when the first identity code matches the identity code pre-stored in the storage module; it passes device identity verification when the MAC address contained in the second digital certificate matches the client's actual MAC address; and it refuses access to the first communication module when either user identity verification or device identity verification fails.
In the prior art, if the digital certificate used for encryption is stolen, the thief can extract the user's personal information through it, causing the user's personal information to leak and even causing the user to suffer economic loss. When the invention is applied, the reading module reads the information on the removable storage device and the first communication module communicates with the server; the second communication module communicates with the client; the storage module holds the pre-stored identity code; the analysis module generates the first identity code from the first public key in the first digital certificate that the second communication module receives from the client, and also reads the MAC address contained in the second digital certificate; the comparison module compares the MAC address contained in the second digital certificate with the client's actual MAC address, and also compares the pre-stored identity code with the first identity code; the second communication module passes user identity verification when the first identity code matches the identity code pre-stored in the storage module, passes device identity verification when the MAC address contained in the second digital certificate matches the client's actual MAC address, and refuses access to the first communication module when either user identity verification or device identity verification fails. The MAC address contained in the second digital certificate is normally that of a trusted client. If the digital certificate is stolen and the thief uses another device to request the personal information held by the server, the device's MAC address does not match the MAC address in the second digital certificate, so the server refuses access; the thief therefore cannot retrieve the user's personal information, and the safety of the user's personal information is protected.
Further, the second communication module also sends personal information to a client that has passed both user identity verification and device identity verification.
Further, the first identity code is a 128-bit number.
Further, the first identity code is generated from the first public key using the RSA algorithm.
Further, the second digital certificate contains two or more MAC addresses.
When the invention is applied, the user can thus designate two or more trusted clients, which makes the system more convenient to use.
Compared with the prior art, the invention has the following advantages and beneficial effects:
In the query system of the invention that uses digital certificates, because the MAC address of the device does not match the MAC address in the second digital certificate, the server refuses access, so that a thief cannot retrieve the user's personal information and the safety of the user's personal information is protected.
Brief description of the drawings
The accompanying drawing described here is provided for a further understanding of the embodiments of the invention and forms part of this application; it does not limit the embodiments of the invention. In the drawing:
Fig. 1 is a schematic structural diagram of the system of the invention.
Embodiment
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the embodiment and the accompanying drawing. The exemplary embodiment and its explanation are only used to explain the invention and do not limit it.
Embodiment
As shown in Fig. 1, the query system of the invention that uses digital certificates comprises: a removable storage device on which a first digital certificate and a second digital certificate are pre-stored, a client, and a server. The first digital certificate contains a first public key; the second digital certificate contains a MAC address. The client comprises a reading module for reading the information on the removable storage device and a first communication module for communicating with the server. The server comprises: a second communication module for communicating with the client; a storage module holding a pre-stored identity code; an analysis module that generates a first identity code from the first public key in the first digital certificate that the second communication module receives from the client, and that also reads the MAC address contained in the second digital certificate; and a comparison module that compares the MAC address contained in the second digital certificate with the client's actual MAC address, and also compares the pre-stored identity code with the first identity code. The second communication module passes user identity verification when the first identity code matches the identity code pre-stored in the storage module; it passes device identity verification when the MAC address contained in the second digital certificate matches the client's actual MAC address; and it refuses access to the first communication module when either user identity verification or device identity verification fails. The second communication module also sends personal information to a client that has passed both user identity verification and device identity verification. The first identity code is a 128-bit number. The first identity code is generated from the first public key using the RSA algorithm. The second digital certificate contains two or more MAC addresses.
When this embodiment is implemented, the reading module reads the information on the removable storage device and the first communication module communicates with the server; the second communication module communicates with the client; the storage module holds the pre-stored identity code; the analysis module generates the first identity code from the first public key in the first digital certificate that the second communication module receives from the client, and also reads the MAC address contained in the second digital certificate; the comparison module compares the MAC address contained in the second digital certificate with the client's actual MAC address, and also compares the pre-stored identity code with the first identity code; the second communication module passes user identity verification when the first identity code matches the identity code pre-stored in the storage module, passes device identity verification when the MAC address contained in the second digital certificate matches the client's actual MAC address, and refuses access to the first communication module when either verification fails. The MAC address contained in the second digital certificate is normally that of a trusted client. If the digital certificate is stolen and the thief uses another device to request the personal information held by the server, the device's MAC address does not match the MAC address in the second digital certificate, so the server refuses access; the thief therefore cannot retrieve the user's personal information, and the safety of the user's personal information is protected. The user can designate two or more trusted clients, which makes the system more convenient to use.
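The server-side decision described in the summary and in this embodiment, written out as an added example (not code from the patent): an analysis module derives the first identity code from the first public key, a comparison module checks it against the pre-stored code and checks the client's reported MAC address against the MAC address(es) in the second certificate, and personal information is released only when both checks pass. Assumptions not in the page: the patent says the 128-bit identity code is generated from the public key using RSA but gives no construction, so the first 16 bytes of SHA-256 over the encoded public key stand in; certificates are modelled as plain dataclasses rather than X.509; all sample keys and MAC addresses are constructed.

```python
"""Server-side checks of the two-certificate query system (added example)."""
from __future__ import annotations

import hashlib
import hmac
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class FirstCertificate:
    """First digital certificate: carries the user's first public key."""
    public_key: bytes  # encoded public key; a constructed byte string in the demo


@dataclass(frozen=True)
class SecondCertificate:
    """Second digital certificate: one or more trusted MAC addresses (claim 5 allows two or more)."""
    mac_addresses: tuple[str, ...]


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form, so '00-1A-2B-3C-4D-5E' and '001a.2b3c.4d5e' compare equal."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def derive_identity_code(public_key: bytes) -> bytes:
    """Analysis module: 128-bit first identity code from the first public key."""
    # Assumed construction: the patent names RSA but gives none; 16 bytes of SHA-256 stand in.
    return hashlib.sha256(public_key).digest()[:16]


@dataclass
class QueryServer:
    """Server end: storage module (pre-stored identity code) and the personal information it guards."""
    stored_identity_code: bytes
    personal_info: dict[str, str]

    def verify_user(self, first_cert: FirstCertificate) -> bool:
        """Comparison module, user identity: derived code must equal the pre-stored code."""
        derived = derive_identity_code(first_cert.public_key)
        return hmac.compare_digest(derived, self.stored_identity_code)  # constant-time compare

    def verify_device(self, second_cert: SecondCertificate, client_mac: str) -> bool:
        """Comparison module, device identity: client MAC must be one bound in the second certificate."""
        # client_mac is the "actual" MAC as the server learns it; the patent does not say how.
        try:
            actual = normalize_mac(client_mac)
        except ValueError:
            return False
        return any(normalize_mac(m) == actual for m in second_cert.mac_addresses)

    def handle_query(self, first_cert: FirstCertificate, second_cert: SecondCertificate,
                     client_mac: str) -> dict[str, str] | None:
        """Second communication module: release data only if both checks pass (claim 2); None = refused."""
        if not (self.verify_user(first_cert) and self.verify_device(second_cert, client_mac)):
            return None
        return dict(self.personal_info)


def demo_fixture() -> tuple[QueryServer, FirstCertificate, SecondCertificate]:
    """Constructed sample data: one user key, two trusted MACs, a server enrolled for that key."""
    key = b"-----CONSTRUCTED SAMPLE PUBLIC KEY, NOT A REAL RSA KEY-----"
    first = FirstCertificate(public_key=key)
    second = SecondCertificate(mac_addresses=("00:1A:2B:3C:4D:5E", "08-00-27-AB-CD-EF"))
    server = QueryServer(stored_identity_code=derive_identity_code(key),
                         personal_info={"name": "sample user", "account": "0000-0000"})
    return server, first, second


if __name__ == "__main__":
    server, first, second = demo_fixture()
    print(server.handle_query(first, second, "0800.27ab.cdef"))    # trusted device: data released
    print(server.handle_query(first, second, "de:ad:be:ef:00:01"))  # stolen certs, other device: None
    print(server.handle_query(FirstCertificate(b"other key"), second, "00:1a:2b:3c:4d:5e"))  # None
```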
The above embodiment further describes the objects, technical solutions and beneficial effects of the invention in detail. It should be understood that the above is only an embodiment of the invention and is not intended to limit its scope of protection; any modification, equivalent substitution or improvement made within the spirit and principles of the invention falls within the scope of protection of the invention.
Claims (5)
1. A query system that uses digital certificates, characterised in that it comprises: a removable storage device on which a first digital certificate and a second digital certificate are pre-stored, a client and a server; the first digital certificate contains a first public key; the second digital certificate contains a MAC address; the client comprises:
a reading module for reading information on the removable storage device;
a first communication module for communicating with the server;
the server comprises:
a second communication module for communicating with the client;
a storage module for a pre-stored identity code;
an analysis module for generating a first identity code from the first public key in the first digital certificate received by the second communication module from the client; the analysis module is also used to read the MAC address contained in the second digital certificate;
a comparison module for comparing the MAC address contained in the second digital certificate with the client's actual MAC address; the comparison module is also used to compare the pre-stored identity code with the first identity code;
the second communication module is also used to pass user identity verification when the first identity code matches the identity code pre-stored in the storage module;
the second communication module is also used to pass device identity verification when the MAC address contained in the second digital certificate matches the client's actual MAC address;
the second communication module is also used to refuse access to the first communication module when either user identity verification or device identity verification fails.
2. The query system that uses digital certificates according to claim 1, characterised in that the second communication module is also used to send personal information to a client that has passed user identity verification and device identity verification.
3. The query system that uses digital certificates according to claim 1, characterised in that the first identity code is a 128-bit number.
4. The query system that uses digital certificates according to claim 1, characterised in that the first identity code is generated from the first public key using the RSA algorithm.
5. The query system that uses digital certificates according to claim 1, characterised in that the second digital certificate contains two or more MAC addresses.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710537693.1A CN107332667A (en) | 2017-07-04 | 2017-07-04 | A kind of inquiry system of use digital certificate |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107332667A true CN107332667A (en) | 2017-11-07 |
Family ID: 60197969
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3899728A4 (en) * | 2018-12-21 | 2022-08-24 | Micron Technology, Inc. | Memory device and managed memory system with wireless debug communication port and methods for operating the same |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101145903A (en) * | 2007-10-24 | 2008-03-19 | 中兴通讯股份有限公司 | User authentication method |
CN102271042A (en) * | 2011-08-25 | 2011-12-07 | 北京神州绿盟信息安全科技股份有限公司 | Certificate authorization method, system, universal serial bus (USB) Key equipment and server |
CN102711109A (en) * | 2012-06-12 | 2012-10-03 | 中国电力科学研究院 | Method for performing identity authentication on mobile terminal |
CN103001970A (en) * | 2012-12-20 | 2013-03-27 | 中国工商银行股份有限公司 | Safety authentication method and safety authentication system |
US20160112417A1 (en) * | 2008-04-21 | 2016-04-21 | Jonathan Attia | Terminal for strong authentication of a user |
CN106470201A (en) * | 2015-08-21 | 2017-03-01 | 中兴通讯股份有限公司 | A kind of user authen method and device |
Non-Patent Citations (1)
Title |
---|
王蕾,桂学文: "《电子支付原理与应用》", 31 March 2016 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | Application publication date: 20171107 |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |