CN107835079A - A QR code authentication method and device based on digital certificates - Google Patents


Info

Publication number: CN107835079A
Authority: CN (China)
Prior art keywords: QR code, certificate, user, platform
Legal status: Pending
Application number: CN201711065595.9A
Other languages: Chinese (zh)
Inventors: 江卫, 谭宁, 周剑
Current Assignee: Guangzhou Jiadu Marketing Data Services Ltd
Original Assignee: Guangzhou Jiadu Marketing Data Services Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Involving digital signatures
    • H04L9/3263 Involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/06009 With optically detectable marking
    • G06K19/06037 Multi-dimensional coding

Abstract

The present invention proposes a QR code authentication method and device based on digital certificates. The CA certificate of the certificate authority and the QR code platform certificate of the QR code platform are stored in advance in the scanning terminal. The method includes: obtaining, through the scanning terminal, the QR code to be authenticated that the user specifies, and reading the data corresponding to the QR code, where the data include the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature; verifying the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature on the basis of the CA certificate and the QR code platform certificate stored in the scanning terminal; and, when every verification passes, confirming that the QR code authentication passes. Offline QR code authentication is thus achieved on the basis of pre-stored digital certificates.

Description

A QR code authentication method and device based on digital certificates
Technical field
The present invention relates to the field of authentication, and in particular to a QR code authentication method and device based on digital certificates.
Background
With the rapid development of the mobile Internet, QR code technology is used more and more in daily life. Because a QR code transmits information in one direction only, verifying QR code information requires online, real-time verification over a network, which makes QR code verification heavily dependent on the network. Where the network signal is poor or there is no network at all, such as remote areas, caves and tunnels, online real-time verification cannot be carried out, which hinders the application and spread of QR codes.
How to achieve secure offline authentication of QR codes is therefore a problem that urgently needs to be solved.
Summary of the invention
To address the defects of the prior art, the present invention proposes a QR code authentication method and device based on digital certificates, which achieve offline QR code authentication on the basis of pre-stored digital certificates.
Specifically, the present invention proposes the following embodiments:
An embodiment of the present invention proposes a QR code authentication method based on digital certificates, applied to a system comprising a certificate authority, a QR code platform, a scanning terminal and a user terminal, where the CA certificate of the certificate authority and the QR code platform certificate of the QR code platform are stored in advance in the scanning terminal. The method includes:
obtaining, through the scanning terminal, the QR code to be authenticated that the user specifies, and reading the data corresponding to the QR code, where the data include the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature;
verifying the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature on the basis of the CA certificate and the QR code platform certificate stored in the scanning terminal;
when every verification passes, confirming that the QR code authentication passes.
In a specific embodiment, before the QR code to be authenticated that the user specifies is obtained through the scanning terminal, the method further includes:
sending a certificate signing request to the certificate authority through the QR code platform;
receiving, through the QR code platform, the signed QR code platform certificate that the certificate authority returns in response to the certificate signing request;
obtaining the CA certificate of the certificate authority through the scanning terminal;
obtaining the QR code platform certificate through the scanning terminal.
In a specific embodiment, the process of generating the QR code to be authenticated includes:
when the QR code platform receives a QR code application sent by the user, generating basic information according to the business the user specifies;
signing the basic information in turn with the private key of the QR code platform and the private key of the user, where the QR code platform generates the public key certificate and private key of the corresponding user when it receives the QR code application;
after signing is complete, generating from the basic information a QR code that includes the QR code platform certificate of the QR code platform, the public key certificate, and the user's signature.
In a specific embodiment,
"verifying the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature on the basis of the CA certificate and the QR code platform certificate stored in the scanning terminal" includes:
verifying the legitimacy of the QR code platform certificate on the basis of the CA certificate stored in the scanning terminal;
if that legitimacy verification passes, confirming the legitimacy of the public key certificate of the user corresponding to the QR code on the basis of the verified QR code platform certificate;
if that legitimacy is confirmed, verifying the user's signature on the basis of the public key certificate;
if that verification passes, confirming that all verifications have passed.
In a specific embodiment, the method further includes:
when not every verification passes, confirming that the QR code authentication does not pass.
An embodiment of the present invention also proposes a QR code authentication device based on digital certificates, applied to a system comprising a certificate authority, a QR code platform, a scanning terminal and a user terminal, where the CA certificate of the certificate authority and the QR code platform certificate of the QR code platform are stored in advance in the scanning terminal. The device includes:
a reading module, configured to obtain, through the scanning terminal, the QR code to be authenticated that the user specifies, and to read the data corresponding to the QR code, where the data include the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature;
a verification module, configured to verify the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature on the basis of the CA certificate and the QR code platform certificate stored in the scanning terminal;
a confirmation module, configured to confirm, when every verification passes, that the QR code authentication passes.
In a specific embodiment, the device further includes:
an acquisition module, configured to, before the QR code to be authenticated that the user specifies is obtained through the scanning terminal, send a certificate signing request to the certificate authority through the QR code platform;
receive, through the QR code platform, the signed QR code platform certificate that the certificate authority returns in response to the certificate signing request;
obtain the CA certificate of the certificate authority through the scanning terminal;
obtain the QR code platform certificate through the scanning terminal.
In a specific embodiment, the process of generating the QR code to be authenticated includes:
when the QR code platform receives a QR code application sent by the user, generating basic information according to the business the user specifies;
signing the basic information in turn with the private key of the QR code platform and the private key of the user, where the QR code platform generates the public key certificate and private key of the corresponding user when it receives the QR code application;
after signing is complete, generating from the basic information a QR code that includes the QR code platform certificate of the QR code platform, the public key certificate, and the user's signature.
In a specific embodiment,
the verification module is configured to:
verify the legitimacy of the QR code platform certificate on the basis of the CA certificate stored in the scanning terminal;
if that legitimacy verification passes, confirm the legitimacy of the public key certificate of the user corresponding to the QR code on the basis of the verified QR code platform certificate;
if that legitimacy is confirmed, verify the user's signature on the basis of the public key certificate;
if that verification passes, confirm that all verifications have passed.
In a specific embodiment, the confirmation module is further configured to:
confirm, when not every verification passes, that the QR code authentication does not pass.
The present invention thus proposes a QR code authentication method and device based on digital certificates, applied to a system comprising a certificate authority, a QR code platform, a scanning terminal and a user terminal, where the CA certificate of the certificate authority and the QR code platform certificate of the QR code platform are stored in advance in the scanning terminal. The method includes: obtaining, through the scanning terminal, the QR code to be authenticated that the user specifies, and reading the data corresponding to the QR code, where the data include the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature; verifying the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature on the basis of the CA certificate and the QR code platform certificate stored in the scanning terminal; and, when every verification passes, confirming that the QR code authentication passes. Offline QR code authentication is thus achieved on the basis of pre-stored digital certificates.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly described below. It should be understood that the following drawings show only certain embodiments of the present invention and should therefore not be regarded as limiting its scope; a person of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 is a schematic flow chart of a QR code authentication method based on digital certificates proposed by an embodiment of the present invention;
Fig. 2 is a schematic flow chart of a QR code authentication method based on digital certificates proposed by an embodiment of the present invention;
Fig. 3 is a schematic flow chart of the verification process in a QR code authentication method based on digital certificates proposed by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a QR code authentication device based on digital certificates proposed by an embodiment of the present invention.
Detailed description
Hereinafter, various embodiments of the disclosure are described more fully. The disclosure can have various embodiments, and adjustments and changes can be made in them. It should be understood, however, that there is no intention to limit the various embodiments of the disclosure to the specific embodiments disclosed herein; rather, the disclosure should be interpreted as covering all adjustments, equivalents and/or alternatives that fall within the spirit and scope of the various embodiments of the disclosure.
Hereinafter, the terms "include" or "may include", as used in the various embodiments of the disclosure, indicate the presence of a disclosed function, operation or element, and do not exclude the addition of one or more functions, operations or elements. In addition, as used in the various embodiments of the disclosure, the terms "include", "have" and their cognates are meant only to denote a particular feature, number, step, operation, element, component or combination of the foregoing, and should not be understood as excluding in advance the presence of one or more other features, numbers, steps, operations, elements, components or combinations of the foregoing, or the possibility of adding one or more features, numbers, steps, operations, elements, components or combinations of the foregoing.
In the various embodiments of the disclosure, the expression "or" or "at least one of A or/and B" includes any combination or all combinations of the words listed together. For example, the expression "A or B" or "at least one of A or/and B" may include A, may include B, or may include both A and B.
Expressions used in the various embodiments of the disclosure (such as "first" and "second") may modify various constituent elements in the various embodiments, but do not limit the corresponding constituent elements. For example, the above expressions do not limit the order and/or importance of the elements. The above expressions serve only to distinguish one element from other elements. For example, a first user device and a second user device indicate different user devices, although both are user devices. For example, without departing from the scope of the various embodiments of the disclosure, a first element may be called a second element, and similarly a second element may be called a first element.
It should be noted that if one constituent element is described as being "connected" to another constituent element, the first constituent element may be directly connected to the second constituent element, or a third constituent element may be "connected" between the first and second constituent elements. Conversely, when one constituent element is "directly connected" to another constituent element, it should be understood that no third constituent element exists between the first and second constituent elements.
The term "user" used in the various embodiments of the disclosure may indicate a person who uses an electronic device or a device that uses an electronic device (for example, an artificial-intelligence electronic device).
The terms used in the various embodiments of the disclosure serve only to describe specific embodiments and are not intended to limit the various embodiments of the disclosure. As used herein, singular forms are intended to include plural forms as well, unless the context clearly indicates otherwise. Unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as is commonly understood by a person of ordinary skill in the art to which the various embodiments of the disclosure belong. Such terms (for example, terms defined in commonly used dictionaries) are to be interpreted as having the same meaning as their contextual meaning in the relevant technical field and are not to be interpreted in an idealized or overly formal sense unless clearly so defined in the various embodiments of the disclosure.
Embodiment 1
Embodiment 1 of the present invention proposes a QR code authentication method based on digital certificates, applied to a system comprising a certificate authority, a QR code platform, a scanning terminal and a user terminal, where the CA certificate of the certificate authority and the QR code platform certificate of the QR code platform are stored in advance in the scanning terminal. As shown in Fig. 1, the method includes:
Step 101: obtain, through the scanning terminal, the QR code to be authenticated that the user specifies, and read the data corresponding to the QR code, where the data include the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature;
Step 102: verify the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature on the basis of the CA certificate and the QR code platform certificate stored in the scanning terminal;
Step 103: when every verification passes, confirm that the QR code authentication passes.
Specifically, in a practical example the complete flow can be as shown in Fig. 2. The digital-certificate-based offline QR code authentication method provided by the invention comprises the following steps:
1. Certificate preparation
1.1 The QR code platform applies to the certificate authority for a certificate;
1.2 The certificate authority issues the signed certificate;
1.3 The terminal device downloads the CA certificate from the certificate authority;
1.4 The terminal device downloads the QR code platform certificate from the QR code platform;
2. QR code generation
2.1 The user applies to the QR code platform for a QR code. The QR code platform generates the basic information according to the specific business, then signs the basic information twice, once with the QR code platform's private key and once with the user's private key. The platform assigns each user a public key certificate and a private key.
2.2 The QR code platform returns the QR code. Besides the basic information, the returned QR code also contains the QR code platform's signature, the user's own signature and the user's public key certificate.
3. QR code verification
3.1 The user displays the QR code on a mobile phone;
3.2 The terminal scans the QR code, reads the information and verifies it. As shown in Fig. 3, the specific verification steps are as follows:
1) Use the certificate of the certificate authority to verify the legitimacy of the QR code platform certificate;
2) Once the legitimacy of the QR code platform certificate is confirmed, use the QR code platform certificate to verify the user's public key certificate in the QR code information; because the user's public key certificate is issued by the QR code platform, its legitimacy can be confirmed in this way.
3) Once the legitimacy of the user's public key certificate is confirmed, use the user's public key certificate to verify the user's signature in the QR code; if the verification passes, the QR code is legitimate, otherwise it is not.
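The three verification steps above, written out as an added Go example (not code from the patent). The payload field names, the helper functions and the ECDSA P-256 keys are assumptions: the description names RSA or SM2, and the platform signature from step 2.2 is left out because the verification steps do not check it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// QRPayload holds what the scanned code carries (field names are assumptions).
type QRPayload struct {
	BasicInfo    []byte // business data covered by the user's signature
	PlatformCert []byte // DER, QR code platform certificate
	UserCert     []byte // DER, user's public key certificate
	UserSig      []byte // user's signature over BasicInfo
}

var (
	ErrPlatformCert = errors.New("step 1: platform certificate not valid under stored CA")
	ErrUserCert     = errors.New("step 2: user certificate not valid under platform certificate")
	ErrUserSig      = errors.New("step 3: user signature does not match basic info")
)

// issuedBy reports whether child is inside its validity window and signed by a CA-capable parent.
func issuedBy(child, parent *x509.Certificate, now time.Time) bool {
	inWindow := !now.Before(child.NotBefore) && !now.After(child.NotAfter)
	return inWindow && child.CheckSignatureFrom(parent) == nil
}

// VerifyOffline runs steps 1) to 3) with only the stored CA certificate and returns the error of the first failing step.
func VerifyOffline(ca *x509.Certificate, p QRPayload, now time.Time) error {
	platform, err := x509.ParseCertificate(p.PlatformCert)
	if err != nil || !issuedBy(platform, ca, now) {
		return ErrPlatformCert
	}
	user, err := x509.ParseCertificate(p.UserCert)
	if err != nil || !issuedBy(user, platform, now) {
		return ErrUserCert
	}
	pub, ok := user.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(p.BasicInfo)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], p.UserSig) {
		return ErrUserSig
	}
	return nil
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue creates a constructed sample certificate; parent == nil yields a self-signed root.
func issue(cn string, usage x509.KeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              usage,
		BasicConstraintsValid: true,
		IsCA:                  usage&x509.KeyUsageCertSign != 0,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// BuildSample plays the CA, the platform and the user to produce a constructed payload for info.
func BuildSample(info []byte) (*x509.Certificate, QRPayload) {
	ca, caKey := issue("Constructed CA", x509.KeyUsageCertSign, nil, nil)
	plat, platKey := issue("Constructed QR Platform", x509.KeyUsageCertSign, ca, caKey)
	user, userKey := issue("Constructed User", x509.KeyUsageDigitalSignature, plat, platKey)
	digest := sha256.Sum256(info)
	sig, err := ecdsa.SignASN1(rand.Reader, userKey, digest[:])
	check(err)
	return ca, QRPayload{BasicInfo: info, PlatformCert: plat.Raw, UserCert: user.Raw, UserSig: sig}
}

func main() {
	ca, p := BuildSample([]byte("ticket=42;gate=A"))
	fmt.Println("genuine code:", VerifyOffline(ca, p, time.Now()))
	p.BasicInfo = []byte("ticket=43;gate=A") // altered after signing
	fmt.Println("altered info:", VerifyOffline(ca, p, time.Now()))
}
```

Because the terminal is offline, nothing here checks revocation, and the validity-period check is only as reliable as the terminal's clock.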
Here, a digital certificate is a file, digitally signed by a certificate authority (Certificate Authority, CA for short), that contains information about the owner of a public key together with the public key itself.
A common certificate contains a public key, a name and the digital signature of the certificate authority.
Digital certificates use a public key system, in which a pair of matching keys is used for encryption and decryption. Each user sets a private key known only to that user and uses it to decrypt and to sign; the user also sets a public key, which the user publishes and which is shared by a group of users, for encrypting and for verifying signatures.
When sending a confidential file, the sender encrypts the data with the recipient's public key and the recipient decrypts it with their own private key, so that the information reaches its destination safely and without error.
Digital means ensure that encryption is an irreversible process, that is, only the private key can decrypt. A user can also process information with their own private key; because the key belongs to that user alone, this produces a file that no one else can generate, which forms a digital signature. A digital signature confirms the following two points: 1) the information was signed and sent by the signer, who cannot deny it or can hardly deny it; 2) the information has not been modified in any way between being signed and being received, so the signed file is the authentic file.
In a specific embodiment, in be certified two specified by the end of scan acquisition user Before tieing up code, in addition to:
Certificate signing request is sent to the certificate authority by the Quick Response Code platform;
The label fed back by the Quick Response Code platform reception certificate authority based on the certificate signing request The Quick Response Code platform credential of name;
The certificate authority certificate of the certificate authority is obtained by the end of scan;
The Quick Response Code platform credential is obtained by the end of scan.
In a specific embodiment, completing the generating process of the Quick Response Code of certification includes:
When the Quick Response Code platform receives the Quick Response Code application of user's transmission, the business specified according to the user is given birth to Into essential information;
The essential information is signed successively by the private key of the Quick Response Code platform and the private key of user;Its In, the Quick Response Code platform is when receiving the Quick Response Code application, the public key certificate and private key of the corresponding user of generation;
Based on the basic information after signing is complete, a QR code is generated that contains the QR code platform certificate of the QR code platform, the public key certificate, and the user's signature.
In a specific embodiment,
the step of "verifying the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature, based on the certificate authority (CA) certificate and the QR code platform certificate stored in the scanning terminal" includes:
Verifying the validity of the QR code platform certificate based on the CA certificate stored in the scanning terminal;
If the validity verification passes, confirming the validity of the public key certificate of the user corresponding to the QR code, based on the verified QR code platform certificate;
If the validity is confirmed, verifying the user's signature based on the public key certificate;
If that verification passes, confirming that all verifications have passed.
In addition, the asymmetric algorithm of the digital certificates in this scheme may be the international-standard RSA algorithm or the national-standard SM2 algorithm. The terminal may download the certificate authority's certificate, or the certificate authority may actively issue the certificate, or the QR code platform may actively issue the certificate. "QR code platform" is a name for a platform used to manage QR codes, and it may be any other platform with the same function. Besides a mobile phone, the device that applies to the QR code platform for a QR code may be an ordinary desktop computer, notebook computer or tablet computer. Correspondingly, besides a mobile phone, the QR code may be displayed on an ordinary desktop computer, tablet computer or notebook computer, and the QR code may even be printed on paper or on another printable material.
In a specific embodiment, the method further includes:
When not all of the verifications pass, confirming that the QR code authentication does not pass.
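The three-step offline check described above, as an added Go example that is not part of the patent text: the scanning terminal holds only the CA certificate, validates the platform certificate under it, validates the user certificate under the platform certificate, and then checks the user's signature, reporting which step failed. Assumptions: the `QRData` layout, RSA-2048 with SHA-256 and PKCS#1 v1.5 (the text says only "RSA or SM2"), a user signature computed over the basic information alone (the platform's own signature over it is not modelled), the validity-period test, and all names and sample values, which are constructed for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type QRData struct{ PlatformCert, UserCert, BasicInfo, UserSig []byte } // assumed layout; certificates are DER

func check(err error) { // demo setup only: abort if key or certificate creation fails
	if err != nil {
		panic(err)
	}
}

// issue makes a demo RSA key and its certificate, signed by parentKey (self-signed if parent is nil).
func issue(cn string, usage x509.KeyUsage, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: usage, IsCA: usage&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// VerifyQR runs the three offline checks in order; the validity-period test is an added assumption.
func VerifyQR(ca *x509.Certificate, qr QRData, now time.Time) error {
	parent := ca // the only trust anchor is the CA certificate stored in the terminal
	for i, der := range [][]byte{qr.PlatformCert, qr.UserCert} { // step 1: platform, step 2: user
		child, err := x509.ParseCertificate(der)
		if err == nil && (now.Before(child.NotBefore) || now.After(child.NotAfter)) {
			err = fmt.Errorf("outside validity period")
		}
		if err == nil {
			err = child.CheckSignatureFrom(parent) // parent must be a CA and must have signed child
		}
		if err != nil {
			return fmt.Errorf("step %d, certificate: %w", i+1, err)
		}
		parent = child // verified, so it becomes the issuer for the next step
	}
	// step 3: parent is now the verified user certificate
	if err := parent.CheckSignature(x509.SHA256WithRSA, qr.BasicInfo, qr.UserSig); err != nil {
		return fmt.Errorf("step 3, user signature: %w", err)
	}
	return nil
}

// buildSample constructs the CA -> platform -> user chain and one signed code (all demo values).
func buildSample() (*x509.Certificate, QRData) {
	ca, caKey := issue("Demo CA", x509.KeyUsageCertSign, nil, nil)
	platform, platformKey := issue("Demo QR Platform", x509.KeyUsageCertSign, ca, caKey)
	user, userKey := issue("Demo User", x509.KeyUsageDigitalSignature, platform, platformKey)
	info := []byte("service=gate-entry;user=demo")
	digest := sha256.Sum256(info)
	sig, err := rsa.SignPKCS1v15(rand.Reader, userKey, crypto.SHA256, digest[:])
	check(err)
	return ca, QRData{PlatformCert: platform.Raw, UserCert: user.Raw, BasicInfo: info, UserSig: sig}
}

func main() {
	ca, qr := buildSample()
	fmt.Println("verification error:", VerifyQR(ca, qr, time.Now()))
}
```

Because the trust decision starts from the stored CA certificate rather than from anything carried in the code, a platform certificate that an unknown CA issued is rejected at step 1 before its key is used for anything.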
Embodiment 2
Embodiment 2 of the present invention also discloses a QR code authentication device based on digital certificates, applied in a system comprising a certificate authority, a QR code platform, a scanning terminal and a user terminal, wherein the CA certificate of the certificate authority and the QR code platform certificate of the QR code platform are stored in advance in the scanning terminal. As shown in Fig. 4, the device includes:
A reading module 201, configured to obtain, through the scanning terminal, the QR code to be authenticated that the user specifies, and to read the data corresponding to the QR code; wherein the data includes: the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature;
A verification module 202, configured to verify the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature, based on the CA certificate and the QR code platform certificate stored in the scanning terminal;
A confirmation module 203, configured to confirm that the QR code authentication passes when all of the verifications pass.
In a specific embodiment, the device further includes:
An acquisition module, configured to, before the QR code to be authenticated that the user specifies is obtained through the scanning terminal, send a certificate signing request to the certificate authority through the QR code platform;
Receive, through the QR code platform, the signed QR code platform certificate that the certificate authority returns in response to the certificate signing request;
Obtain the CA certificate of the certificate authority through the scanning terminal;
Obtain the QR code platform certificate through the scanning terminal.
In a specific embodiment, the process of generating the QR code that is authenticated includes:
When the QR code platform receives a QR code application sent by the user, generating basic information according to the service specified by the user;
Signing the basic information successively with the private key of the QR code platform and the private key of the user; wherein the QR code platform generates the public key certificate and private key of the corresponding user when it receives the QR code application;
Based on the basic information after signing is complete, generating a QR code that contains the QR code platform certificate of the QR code platform, the public key certificate, and the user's signature.
In a specific embodiment,
The verification module 202 is configured to:
Verify the validity of the QR code platform certificate based on the CA certificate stored in the scanning terminal;
If the validity verification passes, confirm the validity of the public key certificate of the user corresponding to the QR code, based on the verified QR code platform certificate;
If the validity is confirmed, verify the user's signature based on the public key certificate;
If that verification passes, confirm that all verifications have passed.
In a specific embodiment, the confirmation module 203 is further configured to:
When not all of the verifications pass, confirm that the QR code authentication does not pass.
The present invention thus proposes a QR code authentication method and device based on digital certificates, applied in a system comprising a certificate authority, a QR code platform, a scanning terminal and a user terminal, wherein the CA certificate of the certificate authority and the QR code platform certificate of the QR code platform are stored in advance in the scanning terminal. The method includes: obtaining, through the scanning terminal, the QR code to be authenticated that the user specifies, and reading the data corresponding to the QR code, wherein the data includes the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature; verifying the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature, based on the CA certificate and the QR code platform certificate stored in the scanning terminal; and, when all of the verifications pass, confirming that the QR code authentication passes. Offline QR code authentication is thereby achieved on the basis of the digital certificates stored in advance.
Those skilled in the art will understand that the accompanying drawings are schematic diagrams of a preferred implementation scenario, and that the modules or flows in the drawings are not necessarily required to implement the present invention.
Those skilled in the art will understand that the modules of the device in an implementation scenario may be distributed in the device of that scenario as the scenario describes, or may be changed accordingly and located in one or more devices different from that of the scenario. The modules of the above implementation scenario may be merged into one module or further split into multiple sub-modules.
The serial numbers used above are for description only and do not represent the relative merits of the implementation scenarios.
The above discloses only several specific implementation scenarios of the present invention; however, the present invention is not limited to them, and any change that a person skilled in the art can conceive of shall fall within the protection scope of the present invention.

Claims (10)

1. A QR code authentication method based on digital certificates, characterized in that it is applied in a system comprising a certificate authority, a QR code platform, a scanning terminal and a user terminal, wherein the CA certificate of the certificate authority and the QR code platform certificate of the QR code platform are stored in advance in the scanning terminal; the method includes:
Obtaining, through the scanning terminal, the QR code to be authenticated that the user specifies, and reading the data corresponding to the QR code; wherein the data includes: the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature;
Verifying the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature, based on the CA certificate and the QR code platform certificate stored in the scanning terminal;
When all of the verifications pass, confirming that the QR code authentication passes.
2. The QR code authentication method based on digital certificates as claimed in claim 1, characterized in that, before the QR code to be authenticated that the user specifies is obtained through the scanning terminal, the method further includes:
Sending a certificate signing request to the certificate authority through the QR code platform;
Receiving, through the QR code platform, the signed QR code platform certificate that the certificate authority returns in response to the certificate signing request;
Obtaining the CA certificate of the certificate authority through the scanning terminal;
Obtaining the QR code platform certificate through the scanning terminal.
3. The QR code authentication method based on digital certificates as claimed in claim 1, characterized in that the process of generating the QR code that is authenticated includes:
When the QR code platform receives a QR code application sent by the user, generating basic information according to the service specified by the user;
Signing the basic information successively with the private key of the QR code platform and the private key of the user; wherein the QR code platform generates the public key certificate and private key of the corresponding user when it receives the QR code application;
Based on the basic information after signing is complete, generating a QR code that contains the QR code platform certificate of the QR code platform, the public key certificate, and the user's signature.
4. The QR code authentication method based on digital certificates as claimed in claim 1, characterized in that
the step of "verifying the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature, based on the CA certificate and the QR code platform certificate stored in the scanning terminal" includes:
Verifying the validity of the QR code platform certificate based on the CA certificate stored in the scanning terminal;
If the validity verification passes, confirming the validity of the public key certificate of the user corresponding to the QR code, based on the verified QR code platform certificate;
If the validity is confirmed, verifying the user's signature based on the public key certificate;
If that verification passes, confirming that all verifications have passed.
5. The QR code authentication method based on digital certificates as claimed in claim 1, characterized in that it further includes:
When not all of the verifications pass, confirming that the QR code authentication does not pass.
6. A QR code authentication device based on digital certificates, characterized in that it is applied in a system comprising a certificate authority, a QR code platform, a scanning terminal and a user terminal, wherein the CA certificate of the certificate authority and the QR code platform certificate of the QR code platform are stored in advance in the scanning terminal; the device includes:
A reading module, configured to obtain, through the scanning terminal, the QR code to be authenticated that the user specifies, and to read the data corresponding to the QR code; wherein the data includes: the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature;
A verification module, configured to verify the QR code platform certificate, the public key certificate of the user corresponding to the QR code, and the user's signature, based on the CA certificate and the QR code platform certificate stored in the scanning terminal;
A confirmation module, configured to confirm that the QR code authentication passes when all of the verifications pass.
7. The QR code authentication device based on digital certificates as claimed in claim 6, characterized in that it further includes:
An acquisition module, configured to, before the QR code to be authenticated that the user specifies is obtained through the scanning terminal, send a certificate signing request to the certificate authority through the QR code platform;
Receive, through the QR code platform, the signed QR code platform certificate that the certificate authority returns in response to the certificate signing request;
Obtain the CA certificate of the certificate authority through the scanning terminal;
Obtain the QR code platform certificate through the scanning terminal.
8. The QR code authentication device based on digital certificates as claimed in claim 6, characterized in that the process of generating the QR code that is authenticated includes:
When the QR code platform receives a QR code application sent by the user, generating basic information according to the service specified by the user;
Signing the basic information successively with the private key of the QR code platform and the private key of the user; wherein the QR code platform generates the public key certificate and private key of the corresponding user when it receives the QR code application;
Based on the basic information after signing is complete, generating a QR code that contains the QR code platform certificate of the QR code platform, the public key certificate, and the user's signature.
9. The QR code authentication device based on digital certificates as claimed in claim 6, characterized in that
The verification module is configured to:
Verify the validity of the QR code platform certificate based on the CA certificate stored in the scanning terminal;
If the validity verification passes, confirm the validity of the public key certificate of the user corresponding to the QR code, based on the verified QR code platform certificate;
If the validity is confirmed, verify the user's signature based on the public key certificate;
If that verification passes, confirm that all verifications have passed.
10. The QR code authentication device based on digital certificates as claimed in claim 6, characterized in that the confirmation module is further configured to:
When not all of the verifications pass, confirm that the QR code authentication does not pass.
CN201711065595.9A 2017-11-02 2017-11-02 A kind of two-dimentional code authentication method and equipment based on digital certificate Pending CN107835079A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711065595.9A CN107835079A (en) 2017-11-02 2017-11-02 A kind of two-dimentional code authentication method and equipment based on digital certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711065595.9A CN107835079A (en) 2017-11-02 2017-11-02 A kind of two-dimentional code authentication method and equipment based on digital certificate

Publications (1)

Publication Number Publication Date
CN107835079A true CN107835079A (en) 2018-03-23

Family

ID=61650470

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711065595.9A Pending CN107835079A (en) 2017-11-02 2017-11-02 A kind of two-dimentional code authentication method and equipment based on digital certificate

Country Status (1)

Country Link
CN (1) CN107835079A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180323