CN107835079A - QR code authentication method and device based on digital certificates - Google Patents
- Publication number: CN107835079A (CN201711065595.9A)
- Authority: CN (China)
- Prior art keywords: quick response code, certificate, user, platform
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- G06K19/06037—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking multi-dimensional coding
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Abstract
The present invention proposes a QR code authentication method and device based on digital certificates, in which the CA certificate of the certificate authority and the QR code platform certificate of the QR code platform are stored in advance on the scanning terminal. The method includes: obtaining, by the scanning terminal, the QR code to be authenticated that the user specifies, and reading the data corresponding to the QR code, where the data include the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature; verifying the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature based on the CA certificate and the QR code platform certificate stored on the scanning terminal; and, when all verifications pass, confirming that the QR code authentication passes. Offline QR code authentication is thereby achieved on the basis of pre-stored digital certificates.
Description
Technical field
The present invention relates to the field of authentication, and in particular to a QR code authentication method and device based on digital certificates.
Background
With the rapid development of the mobile Internet, QR code technology is applied more and more widely in daily life. Because a QR code transmits information in one direction only, verifying QR code information requires real-time online verification over a network, which makes QR code verification heavily dependent on the network. Where the network signal is poor or there is no network at all, such as remote areas, caves and tunnels, real-time online verification cannot be carried out, which has affected the application and adoption of QR codes.
How to achieve secure offline authentication of QR codes is therefore a problem in urgent need of a solution.
Summary of the invention
To address the defects of the prior art, the present invention proposes a QR code authentication method and device based on digital certificates, which achieve offline QR code authentication on the basis of pre-stored digital certificates.
Specifically, the present invention proposes the following embodiments:
An embodiment of the present invention proposes a QR code authentication method based on digital certificates, applied to a system comprising a certificate authority, a QR code platform, a scanning terminal and a user terminal, where the CA certificate of the certificate authority and the QR code platform certificate of the QR code platform are stored in advance on the scanning terminal. The method includes:
Obtaining, by the scanning terminal, the QR code to be authenticated that the user specifies, and reading the data corresponding to the QR code, where the data include: the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature;
Verifying the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature based on the CA certificate and the QR code platform certificate stored on the scanning terminal;
When all verifications pass, confirming that the QR code authentication passes.
In a specific embodiment, before the scanning terminal obtains the QR code to be authenticated that the user specifies, the method further includes:
Sending, by the QR code platform, a certificate signing request to the certificate authority;
Receiving, by the QR code platform, the signed QR code platform certificate that the certificate authority returns in response to the certificate signing request;
Obtaining, by the scanning terminal, the CA certificate of the certificate authority;
Obtaining, by the scanning terminal, the QR code platform certificate.
In a specific embodiment, the process of generating the QR code to be authenticated includes:
When the QR code platform receives a QR code request sent by the user, generating basic information according to the business specified by the user;
Signing the basic information in turn with the private key of the QR code platform and the private key of the user, where the QR code platform generates the public key certificate and private key of the corresponding user when it receives the QR code request;
Generating, based on the signed basic information, a QR code that includes the QR code platform certificate of the QR code platform, the public key certificate, and the user's signature.
In a specific embodiment, "verifying the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature based on the CA certificate and the QR code platform certificate stored on the scanning terminal" includes:
Verifying the validity of the QR code platform certificate based on the CA certificate stored on the scanning terminal;
If the validity verification passes, confirming the validity of the public key certificate of the user corresponding to the QR code based on the verified QR code platform certificate;
If the validity is confirmed, verifying the user's signature based on the public key certificate;
If that verification passes, confirming that all verifications have passed.
In a specific embodiment, the method further includes:
When not all verifications pass, confirming that the QR code authentication fails.
An embodiment of the present invention also proposes a QR code authentication device based on digital certificates, applied to a system comprising a certificate authority, a QR code platform, a scanning terminal and a user terminal, where the CA certificate of the certificate authority and the QR code platform certificate of the QR code platform are stored in advance on the scanning terminal. The device includes:
A reading module, for obtaining, by the scanning terminal, the QR code to be authenticated that the user specifies, and reading the data corresponding to the QR code, where the data include: the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature;
A verification module, for verifying the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature based on the CA certificate and the QR code platform certificate stored on the scanning terminal;
A confirmation module, for confirming that the QR code authentication passes when all verifications pass.
In a specific embodiment, the device further includes:
An acquisition module, for, before the scanning terminal obtains the QR code to be authenticated that the user specifies, sending a certificate signing request to the certificate authority through the QR code platform;
Receiving, by the QR code platform, the signed QR code platform certificate that the certificate authority returns in response to the certificate signing request;
Obtaining, by the scanning terminal, the CA certificate of the certificate authority;
Obtaining, by the scanning terminal, the QR code platform certificate.
In a specific embodiment, the process of generating the QR code to be authenticated includes:
When the QR code platform receives a QR code request sent by the user, generating basic information according to the business specified by the user;
Signing the basic information in turn with the private key of the QR code platform and the private key of the user, where the QR code platform generates the public key certificate and private key of the corresponding user when it receives the QR code request;
Generating, based on the signed basic information, a QR code that includes the QR code platform certificate of the QR code platform, the public key certificate, and the user's signature.
In a specific embodiment, the verification module is used for:
Verifying the validity of the QR code platform certificate based on the CA certificate stored on the scanning terminal;
If the validity verification passes, confirming the validity of the public key certificate of the user corresponding to the QR code based on the verified QR code platform certificate;
If the validity is confirmed, verifying the user's signature based on the public key certificate;
If that verification passes, confirming that all verifications have passed.
In a specific embodiment, the confirmation module is also used for:
When not all verifications pass, confirming that the QR code authentication fails.
The present invention thus proposes a QR code authentication method and device based on digital certificates, applied to a system comprising a certificate authority, a QR code platform, a scanning terminal and a user terminal, where the CA certificate of the certificate authority and the QR code platform certificate of the QR code platform are stored in advance on the scanning terminal. The method includes: obtaining, by the scanning terminal, the QR code to be authenticated that the user specifies, and reading the data corresponding to the QR code, where the data include the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature; verifying the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature based on the CA certificate and the QR code platform certificate stored on the scanning terminal; and, when all verifications pass, confirming that the QR code authentication passes. Offline QR code authentication is thereby achieved on the basis of pre-stored digital certificates.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly described below. It should be understood that the following drawings show only certain embodiments of the present invention and should therefore not be regarded as limiting its scope; a person of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 is a schematic flow chart of a QR code authentication method based on digital certificates proposed by an embodiment of the present invention;
Fig. 2 is a schematic flow chart of a QR code authentication method based on digital certificates proposed by an embodiment of the present invention;
Fig. 3 is a schematic flow chart of the verification process in a QR code authentication method based on digital certificates proposed by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a QR code authentication device based on digital certificates proposed by an embodiment of the present invention.
Detailed description
Hereinafter, various embodiments of the present disclosure are described more fully. The disclosure may have various embodiments, and adjustments and changes may be made to them. It should be understood, however, that there is no intention to limit the various embodiments of the disclosure to the specific embodiments disclosed herein; rather, the disclosure should be understood to cover all adjustments, equivalents and/or alternatives falling within the spirit and scope of the various embodiments of the disclosure.
Hereinafter, the terms "include" or "may include" that may be used in the various embodiments of the disclosure indicate the presence of the disclosed function, operation or element, and do not exclude the addition of one or more further functions, operations or elements. In addition, as used in the various embodiments of the disclosure, the terms "include", "have" and their cognates are meant only to denote a particular feature, number, step, operation, element, component or combination of the foregoing, and should not be understood as excluding the presence of one or more other features, numbers, steps, operations, elements, components or combinations of the foregoing, or the possibility of adding one or more features, numbers, steps, operations, elements, components or combinations of the foregoing.
In the various embodiments of the disclosure, the expression "or" or "at least one of A or/and B" includes any or all combinations of the words listed together. For example, the expression "A or B" or "at least one of A or/and B" may include A, may include B, or may include both A and B.
Expressions such as "first" and "second" used in the various embodiments of the disclosure may modify various constituent elements in the various embodiments, but do not limit the corresponding elements. For example, the above expressions do not limit the order and/or importance of the elements. The above expressions are used only to distinguish one element from another. For example, a first user device and a second user device indicate different user devices, although both are user devices. For example, without departing from the scope of the various embodiments of the disclosure, a first element may be called a second element, and similarly a second element may be called a first element.
It should be noted that if one constituent element is described as being "connected" to another constituent element, the first element may be directly connected to the second element, or a third element may be "connected" between the first element and the second element. Conversely, when one constituent element is "directly connected" to another constituent element, it is to be understood that no third element exists between the first element and the second element.
The term "user" used in the various embodiments of the disclosure may indicate a person who uses an electronic device or a device that uses an electronic device (for example, an artificial intelligence electronic device).
The terms used in the various embodiments of the disclosure are only for the purpose of describing specific embodiments and are not intended to limit the various embodiments of the disclosure. As used herein, singular forms are intended to include plural forms as well, unless the context clearly indicates otherwise. Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by a person of ordinary skill in the art to which the various embodiments of the disclosure belong. Such terms (such as those defined in commonly used dictionaries) are to be interpreted as having the same meaning as their contextual meaning in the relevant technical field, and are not to be interpreted in an idealized or overly formal sense unless expressly so defined in the various embodiments of the disclosure.
Embodiment 1
Embodiment 1 of the present invention proposes a QR code authentication method based on digital certificates, applied to a system comprising a certificate authority, a QR code platform, a scanning terminal and a user terminal, where the CA certificate of the certificate authority and the QR code platform certificate of the QR code platform are stored in advance on the scanning terminal. As shown in Fig. 1, the method includes:
Step 101: the scanning terminal obtains the QR code to be authenticated that the user specifies and reads the data corresponding to the QR code, where the data include: the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature;
Step 102: the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature are verified based on the CA certificate and the QR code platform certificate stored on the scanning terminal;
Step 103: when all verifications pass, the QR code authentication is confirmed to pass.
Specifically, in a practical example, the complete flow can be as shown in Fig. 2. The method of offline QR code authentication based on digital certificates provided by the invention comprises the following steps:
1. Certificate preparation
1.1 The QR code platform applies to the certificate authority for a certificate to be issued;
1.2 The certificate authority issues the signed certificate;
1.3 The terminal device downloads the CA certificate from the certificate authority;
1.4 The terminal device downloads the QR code platform certificate from the QR code platform;
2. QR code generation
2.1 The user applies to the QR code platform for a QR code; the QR code platform generates basic information according to the specific business, and then signs the basic information twice, once with the private key of the QR code platform and once with the private key of the user. The platform can allocate a public key certificate and private key to each user.
2.2 The QR code platform returns the QR code; besides the basic information, the returned QR code also contains the QR code platform's signature, the user's own signature and the user's public key certificate.
3. QR code verification
3.1 The user displays the QR code on a mobile phone;
3.2 The terminal scans the QR code, reads the information and verifies it. As shown in Fig. 3, the specific verification steps are as follows:
1) Use the certificate of the certificate authority to verify the validity of the QR code platform certificate;
2) After the validity of the QR code platform certificate is confirmed, use the QR code platform certificate to verify the user's public key certificate in the QR code information; because the user's public key certificate is issued by the QR code platform, its validity can thereby be confirmed.
3) After the validity of the user's public key certificate is confirmed, use the user's public key certificate to verify the user's signature in the QR code; if verification passes, the QR code is valid, otherwise it is invalid.
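The three-step offline check described above, as an added Go example (it is not code from the patent). It uses RSA, one of the algorithms the description names; the payload layout, all type and function names, the use of PKCS#1 v1.5 with SHA-256, and the choice to have the user sign the basic information directly are assumptions made for the example, and the keys and certificates are constructed on the fly.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// QRPayload holds the fields the description says a QR code carries (names are assumptions).
type QRPayload struct {
	BasicInfo    []byte // business data generated by the platform
	PlatformCert []byte // DER, issued by the CA
	UserCert     []byte // DER, issued by the platform
	UserSig      []byte // user's signature over BasicInfo (assumed RSA PKCS#1 v1.5, SHA-256)
}

// must aborts demo setup on errors that only a broken RNG or template could cause.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue returns a certificate for pub signed by parentKey; a nil parent means self-signed.
func issue(cn string, serial int64, isCA bool, pub *rsa.PublicKey,
	parent *x509.Certificate, parentKey *rsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent = tmpl
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey))
	return must(x509.ParseCertificate(der))
}

// checkLink parses der, then checks its validity window and the issuer's signature on it.
func checkLink(der []byte, issuer *x509.Certificate, now time.Time) (*x509.Certificate, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return nil, fmt.Errorf("certificate outside its validity period")
	}
	return cert, cert.CheckSignatureFrom(issuer)
}

// VerifyOffline runs the three checks in the described order using only the stored CA certificate.
func VerifyOffline(ca *x509.Certificate, p QRPayload, now time.Time) error {
	platform, err := checkLink(p.PlatformCert, ca, now)
	if err != nil {
		return fmt.Errorf("step 1 (platform certificate): %w", err)
	}
	user, err := checkLink(p.UserCert, platform, now)
	if err != nil {
		return fmt.Errorf("step 2 (user certificate): %w", err)
	}
	if err := user.CheckSignature(x509.SHA256WithRSA, p.BasicInfo, p.UserSig); err != nil {
		return fmt.Errorf("step 3 (user signature): %w", err)
	}
	return nil
}

// BuildDemo plays CA, platform and user to produce a constructed payload for info.
func BuildDemo(info []byte) (*x509.Certificate, QRPayload) {
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	platKey := must(rsa.GenerateKey(rand.Reader, 2048))
	userKey := must(rsa.GenerateKey(rand.Reader, 2048))
	ca := issue("Demo CA", 1, true, &caKey.PublicKey, nil, caKey)
	plat := issue("Demo QR Platform", 2, true, &platKey.PublicKey, ca, caKey)
	user := issue("Demo User", 3, false, &userKey.PublicKey, plat, platKey)
	digest := sha256.Sum256(info)
	sig := must(rsa.SignPKCS1v15(rand.Reader, userKey, crypto.SHA256, digest[:]))
	return ca, QRPayload{BasicInfo: info, PlatformCert: plat.Raw, UserCert: user.Raw, UserSig: sig}
}

func main() {
	ca, p := BuildDemo([]byte("ticket=standard;gate=3"))
	fmt.Println("genuine code:", VerifyOffline(ca, p, time.Now()))
	p.BasicInfo = []byte("ticket=vip;gate=3")
	fmt.Println("altered code:", VerifyOffline(ca, p, time.Now()))
}
```

The example checks only signatures and validity periods; it performs no revocation check, which a terminal working offline has to handle by other means.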
Here, a digital certificate is a file, digitally signed by a certificate authority (CA), that contains information about the owner of a public key together with the public key itself.
A common certificate contains a public key, a name, and the digital signature of the certificate authority.
Digital certificates use a public key system, that is, a pair of matching keys is used for encryption and decryption. Each user sets a private key known only to that user, which is used for decryption and signing, and also sets a public key that the user discloses and that is shared by a group of users, which is used for encryption and signature verification.
When sending a confidential file, the sender encrypts the data with the recipient's public key, and the recipient decrypts it with their own private key, so that the information arrives at its destination safely and punctually.
Digital means ensure that the encryption process is irreversible, that is, the data can be decrypted only with the private key.
The user can also process information with their own private key; because the key is held only by its owner, this produces a file that no one else can generate, which forms a digital signature. A digital signature confirms the following two points: 1) the information was signed and sent by the signer, who cannot deny it or can hardly deny it; 2) the information has not been modified in any way from the time it was signed until it was received, and the signed file is authentic.
In a specific embodiment, before the scanning terminal obtains the QR code to be authenticated that the user specifies, the method further includes:
Sending, by the QR code platform, a certificate signing request to the certificate authority;
Receiving, by the QR code platform, the signed QR code platform certificate that the certificate authority returns in response to the certificate signing request;
Obtaining, by the scanning terminal, the CA certificate of the certificate authority;
Obtaining, by the scanning terminal, the QR code platform certificate.
In a specific embodiment, the process of generating the QR code to be authenticated includes:
When the QR code platform receives a QR code request sent by the user, generating basic information according to the business specified by the user;
Signing the basic information in turn with the private key of the QR code platform and the private key of the user, where the QR code platform generates the public key certificate and private key of the corresponding user when it receives the QR code request;
Generating, based on the signed basic information, a QR code that includes the QR code platform certificate of the QR code platform, the public key certificate, and the user's signature.
In a specific embodiment, "verifying the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature based on the CA certificate and the QR code platform certificate stored on the scanning terminal" includes:
Verifying the validity of the QR code platform certificate based on the CA certificate stored on the scanning terminal;
If the validity verification passes, confirming the validity of the public key certificate of the user corresponding to the QR code based on the verified QR code platform certificate;
If the validity is confirmed, verifying the user's signature based on the public key certificate;
If that verification passes, confirming that all verifications have passed.
In addition, the asymmetric algorithm of the digital certificates in this scheme may be the international-standard RSA algorithm or the national-standard SM2 algorithm. Instead of the terminal downloading the certificate of the certificate authority, the certificate authority may actively push the certificate down, or the QR code platform may actively push the certificate down. "QR code platform" is a name for a platform used to manage QR codes, and may be any other platform with the same function. The device used to apply to the QR code platform for a QR code may be, besides a mobile phone, an ordinary desktop computer, notebook computer or tablet computer. Correspondingly, the QR code may be displayed not only on a mobile phone but also on an ordinary desktop computer, tablet computer or notebook computer, and may even be printed on paper or on another printable material.
In a specific embodiment, the method further includes:
When not all verifications pass, confirming that the QR code authentication fails.
Embodiment 2
Embodiment 2 of the present invention also discloses a QR code authentication device based on digital certificates, applied to a system comprising a certificate authority, a QR code platform, a scanning terminal and a user terminal, wherein the certificate authority certificate of the certificate authority and the QR code platform certificate of the QR code platform are pre-stored in the scanning terminal. As shown in Fig. 4, the device includes:
A reading module 201, configured to obtain, through the scanning terminal, the QR code to be authenticated specified by the user, and to read the data corresponding to the QR code; wherein the data include: the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the signature of the user;
An authentication module 202, configured to verify the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the signature of the user, based on the certificate authority certificate stored in the scanning terminal and the QR code platform certificate;
A confirmation module 203, configured to confirm, when all verifications pass, that the QR code authentication passes.
In a specific embodiment, the device further includes:
An acquisition module, configured to, before the QR code to be authenticated specified by the user is obtained through the scanning terminal, send a certificate signing request to the certificate authority through the QR code platform;
Receive, through the QR code platform, the signed QR code platform certificate fed back by the certificate authority based on the certificate signing request;
Obtain the certificate authority certificate of the certificate authority through the scanning terminal;
Obtain the QR code platform certificate through the scanning terminal.
In a specific embodiment, the generation process of the authenticated QR code includes:
When the QR code platform receives a QR code request sent by the user, generating basic information according to the service specified by the user;
Signing the basic information successively with the private key of the QR code platform and the private key of the user; wherein the QR code platform generates the public key certificate and private key of the corresponding user when it receives the QR code request;
Generating, based on the basic information after the signing is completed, a QR code that contains the QR code platform certificate of the QR code platform, the public key certificate, and the signature of the user.
In a specific embodiment, the authentication module 202 is configured to:
Perform legitimacy verification on the QR code platform certificate based on the certificate authority certificate stored in the scanning terminal;
If the legitimacy verification passes, confirm the legitimacy of the public key certificate of the user corresponding to the QR code, based on the verified QR code platform certificate;
If the legitimacy confirmation succeeds, verify the signature of the user based on the public key certificate;
If that verification passes, confirm that all verifications have passed.
In a specific embodiment, the confirmation module 203 is further configured to:
When not all verifications pass, confirm that the QR code authentication does not pass.
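The generation process and the ordered three-step check performed by authentication module 202, as an added Go example that is not code from the patent. The `QRData` layout, all names, the validity-period check, and signing the basic information with RSA PKCS#1 v1.5 over SHA-256 are assumptions; the platform's own signature over the basic information is left out, and all keys and certificates are constructed sample data.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// QRData is an assumed layout: basic information, two DER certificates, signature over Info.
type QRData struct{ Info, PlatformCert, UserCert, UserSig []byte }

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue makes a key pair and its certificate, signed by parent (self-signed if parent is nil).
func issue(cn string, usage x509.KeyUsage, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*rsa.PrivateKey, *x509.Certificate) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: usage, BasicConstraintsValid: true, IsCA: usage&x509.KeyUsageCertSign != 0,
	}
	if parent == nil {
		parent, parentKey = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return key, cert
}

// BuildSample plays CA, platform and user; it returns the CA certificate a scanner stores and the QR data.
func BuildSample(info []byte) (*x509.Certificate, QRData) {
	caKey, ca := issue("Example CA", x509.KeyUsageCertSign, nil, nil)
	platKey, plat := issue("Example QR Platform", x509.KeyUsageCertSign, ca, caKey)
	userKey, user := issue("Example User", x509.KeyUsageDigitalSignature, plat, platKey)
	digest := sha256.Sum256(info)
	sig, err := rsa.SignPKCS1v15(rand.Reader, userKey, crypto.SHA256, digest[:])
	check(err)
	return ca, QRData{info, plat.Raw, user.Raw, sig}
}

// VerifyQR runs the checks offline; trusted starts as the stored CA certificate and advances per step.
func VerifyQR(trusted *x509.Certificate, qr QRData, now time.Time) error {
	for step, der := range [][]byte{qr.PlatformCert, qr.UserCert} { // steps 1 and 2
		c, err := x509.ParseCertificate(der)
		if err == nil && (now.Before(c.NotBefore) || now.After(c.NotAfter)) {
			err = fmt.Errorf("outside validity period")
		}
		if err == nil {
			err = c.CheckSignatureFrom(trusted) // platform vs. stored CA, then user vs. platform
		}
		if err != nil {
			return fmt.Errorf("step %d, certificate check: %w", step+1, err)
		}
		trusted = c
	}
	pub, ok := trusted.PublicKey.(*rsa.PublicKey) // step 3: key from the validated user certificate
	digest := sha256.Sum256(qr.Info)
	if !ok || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], qr.UserSig) != nil {
		return fmt.Errorf("step 3, user signature invalid")
	}
	return nil
}

func main() {
	ca, qr := BuildSample([]byte("constructed sample: gate pass 0001"))
	fmt.Println("verification error:", VerifyQR(ca, qr, time.Now()))
}
```

Because each step trusts only what the previous step validated, a QR code that carries a platform certificate not issued by the stored certificate authority fails at step 1 even when its user certificate and signature are consistent with each other.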
Thus, the present invention proposes a QR code authentication method and device based on digital certificates, applied to a system comprising a certificate authority, a QR code platform, a scanning terminal and a user terminal, wherein the certificate authority certificate of the certificate authority and the QR code platform certificate of the QR code platform are pre-stored in the scanning terminal. The method includes: obtaining, through the scanning terminal, the QR code to be authenticated specified by the user, and reading the data corresponding to the QR code, wherein the data include the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the signature of the user; verifying the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the signature of the user, based on the certificate authority certificate stored in the scanning terminal and the QR code platform certificate; and, when all verifications pass, confirming that the QR code authentication passes. In this way, offline QR code authentication is achieved based on the pre-stored digital certificates.
Those skilled in the art will understand that the accompanying drawings are schematic diagrams of a preferred implementation scenario, and that the modules or processes in the drawings are not necessarily required to implement the present invention.
Those skilled in the art will understand that the modules of a device in an implementation scenario may be distributed in the device of the implementation scenario as described for that scenario, or may be changed accordingly and located in one or more devices different from this implementation scenario. The modules of the above implementation scenario may be combined into one module, or may be further split into multiple sub-modules.
The above serial numbers of the present invention are for description only and do not represent the merits of the implementation scenarios.
The above discloses only several specific implementation scenarios of the present invention; however, the present invention is not limited thereto, and any change that a person skilled in the art can conceive of shall fall within the protection scope of the present invention.
Claims (10)
1. A QR code authentication method based on digital certificates, characterized in that it is applied to a system comprising a certificate authority, a QR code platform, a scanning terminal and a user terminal, wherein the certificate authority certificate of the certificate authority and the QR code platform certificate of the QR code platform are pre-stored in the scanning terminal; the method includes:
Obtaining, through the scanning terminal, the QR code to be authenticated specified by the user, and reading the data corresponding to the QR code; wherein the data include: the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the signature of the user;
Verifying the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the signature of the user, based on the certificate authority certificate stored in the scanning terminal and the QR code platform certificate;
When all verifications pass, confirming that the QR code authentication passes.
2. The QR code authentication method based on digital certificates as claimed in claim 1, characterized in that, before the QR code to be authenticated specified by the user is obtained through the scanning terminal, the method further includes:
Sending a certificate signing request to the certificate authority through the QR code platform;
Receiving, through the QR code platform, the signed QR code platform certificate fed back by the certificate authority based on the certificate signing request;
Obtaining the certificate authority certificate of the certificate authority through the scanning terminal;
Obtaining the QR code platform certificate through the scanning terminal.
3. The QR code authentication method based on digital certificates as claimed in claim 1, characterized in that the generation process of the authenticated QR code includes:
When the QR code platform receives a QR code request sent by the user, generating basic information according to the service specified by the user;
Signing the basic information successively with the private key of the QR code platform and the private key of the user; wherein the QR code platform generates the public key certificate and private key of the corresponding user when it receives the QR code request;
Generating, based on the basic information after the signing is completed, a QR code that contains the QR code platform certificate of the QR code platform, the public key certificate, and the signature of the user.
4. The QR code authentication method based on digital certificates as claimed in claim 1, characterized in that
"verifying the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the signature of the user, based on the certificate authority certificate stored in the scanning terminal and the QR code platform certificate" includes:
Performing legitimacy verification on the QR code platform certificate based on the certificate authority certificate stored in the scanning terminal;
If the legitimacy verification passes, confirming the legitimacy of the public key certificate of the user corresponding to the QR code, based on the verified QR code platform certificate;
If the legitimacy confirmation succeeds, verifying the signature of the user based on the public key certificate;
If that verification passes, confirming that all verifications have passed.
5. The QR code authentication method based on digital certificates as claimed in claim 1, characterized in that it further includes:
When not all verifications pass, confirming that the QR code authentication does not pass.
6. A QR code authentication device based on digital certificates, characterized in that it is applied to a system comprising a certificate authority, a QR code platform, a scanning terminal and a user terminal, wherein the certificate authority certificate of the certificate authority and the QR code platform certificate of the QR code platform are pre-stored in the scanning terminal; the device includes:
A reading module, configured to obtain, through the scanning terminal, the QR code to be authenticated specified by the user, and to read the data corresponding to the QR code; wherein the data include: the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the signature of the user;
An authentication module, configured to verify the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the signature of the user, based on the certificate authority certificate stored in the scanning terminal and the QR code platform certificate;
A confirmation module, configured to confirm, when all verifications pass, that the QR code authentication passes.
7. The QR code authentication device based on digital certificates as claimed in claim 6, characterized in that it further includes:
An acquisition module, configured to, before the QR code to be authenticated specified by the user is obtained through the scanning terminal, send a certificate signing request to the certificate authority through the QR code platform;
Receive, through the QR code platform, the signed QR code platform certificate fed back by the certificate authority based on the certificate signing request;
Obtain the certificate authority certificate of the certificate authority through the scanning terminal;
Obtain the QR code platform certificate through the scanning terminal.
8. The QR code authentication device based on digital certificates as claimed in claim 6, characterized in that the generation process of the authenticated QR code includes:
When the QR code platform receives a QR code request sent by the user, generating basic information according to the service specified by the user;
Signing the basic information successively with the private key of the QR code platform and the private key of the user; wherein the QR code platform generates the public key certificate and private key of the corresponding user when it receives the QR code request;
Generating, based on the basic information after the signing is completed, a QR code that contains the QR code platform certificate of the QR code platform, the public key certificate, and the signature of the user.
9. The QR code authentication device based on digital certificates as claimed in claim 6, characterized in that
the authentication module is configured to:
Perform legitimacy verification on the QR code platform certificate based on the certificate authority certificate stored in the scanning terminal;
If the legitimacy verification passes, confirm the legitimacy of the public key certificate of the user corresponding to the QR code, based on the verified QR code platform certificate;
If the legitimacy confirmation succeeds, verify the signature of the user based on the public key certificate;
If that verification passes, confirm that all verifications have passed.
10. The QR code authentication device based on digital certificates as claimed in claim 6, characterized in that the confirmation module is further configured to:
When not all verifications pass, confirm that the QR code authentication does not pass.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711065595.9A CN107835079A (en) | 2017-11-02 | 2017-11-02 | A kind of two-dimentional code authentication method and equipment based on digital certificate |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711065595.9A CN107835079A (en) | 2017-11-02 | 2017-11-02 | A kind of two-dimentional code authentication method and equipment based on digital certificate |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107835079A true CN107835079A (en) | 2018-03-23 |
Family
ID=61650470
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711065595.9A Pending CN107835079A (en) | 2017-11-02 | 2017-11-02 | A kind of two-dimentional code authentication method and equipment based on digital certificate |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107835079A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180323 |