CN108173659B - Certificate management method and system based on UKEY equipment and terminal equipment - Google Patents


Info

Publication number
CN108173659B
CN108173659B
Authority
CN
China
Prior art keywords
certificate
information
digital certificate
key
digital
Prior art date
Legal status
Active
Application number
CN201711364824.7A
Other languages
Chinese (zh)
Other versions
CN108173659A (en)
Inventor
郭强
Current Assignee
Hebei Huawo Communication Technology Co ltd
Original Assignee
Hebei Huawo Communication Technology Co ltd
Priority date
Filing date
Publication date
Classifications

    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 ... involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3247 ... involving digital signatures
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877 ... using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention is applicable to the technical field of digital certificates and provides a certificate management method, a certificate management system and a terminal device based on a UKEY device. The method comprises: obtaining certificate application information and a signature algorithm; sending the certificate application information and the signature algorithm to a local digital certificate authentication system; acquiring a first digital certificate generated by the digital certificate authentication system and storing the first digital certificate in a certificate database; acquiring key generation information, generating a key, and storing the key in the certificate database; and extracting the first digital certificate and the key from the certificate database and importing them into the UKEY device. The embodiment of the invention integrates certificate generation, signing and management with UKEY device management in one certificate management system, without third-party software. This improves the safety of certificate information, integrates the certificate management system with the UKEY device, makes the certificate management system smaller and more compact, simplifies operation and improves the user experience.

Description

Certificate management method and system based on UKEY equipment and terminal equipment
Technical Field
The invention belongs to the technical field of digital certificates, and particularly relates to a certificate management method and system based on a UKEY device and a terminal device.
Background
In an electronic commerce system, a digital certificate is an identity credential issued to a user; it makes file encryption unique to that user and is very widely applied. At present, the process of generating a digital certificate requires network access, with identity verification carried out by an identity verification system on the Internet. After the digital certificate is issued, it is exported to a digital certificate file, and that file is then imported into the UKEY device. Data leakage can occur both in the networking process and in the export and import of the digital certificate file, so the user's identity information can be stolen and a potential safety hazard exists.
In summary, the prior art has the problem that user identity information can be stolen, and a potential safety hazard exists, because data leakage may occur in the networking process and in the import and export of the digital certificate file.
Disclosure of Invention
In view of this, embodiments of the present invention provide a certificate management method, system and terminal device based on a UKEY device, so as to solve the problem in the prior art that user identity information is stolen and potential safety hazards exist in a certificate management system networking process and a digital certificate file import and export process.
A first aspect of an embodiment of the present invention provides a certificate management method based on a UKEY device, including:
acquiring certificate application information and a signature algorithm selected by a user;
sending the certificate application information and the signature algorithm to a local digital certificate authentication system;
acquiring a first digital certificate generated by the digital certificate authentication system, wherein the first digital certificate is issued after the digital certificate authentication system verifies the certificate application information, and comprises the certificate application information and a signature algorithm;
saving the first digital certificate to a certificate database;
acquiring key generation information, generating a key, and storing the key to a certificate database;
the first digital certificate and the key are extracted from the certificate database and imported to the UKEY device.
A second aspect of the present invention provides a certificate management system based on a UKEY device, including:
the information acquisition module is used for acquiring the certificate application information and the signature algorithm selected by the user;
the information sending module is used for sending the certificate application information and the signature algorithm to a local digital certificate authentication system;
the digital certificate acquisition module is used for acquiring a first digital certificate generated by the digital certificate authentication system, the first digital certificate is issued after the digital certificate authentication system verifies the certificate application information, and the first digital certificate comprises the certificate application information and a signature algorithm;
the certificate storage module is used for storing the first digital certificate to a certificate database;
the key generation module is used for acquiring key generation information, generating a key and storing the key to a certificate database;
and the certificate information import module is used for extracting the first digital certificate and the key from the certificate database and importing the first digital certificate and the key into the UKEY equipment.
A third aspect of the embodiments of the present invention provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the certificate management method when executing the computer program.
A fourth aspect of embodiments of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the certificate management method described above.
Compared with the prior art, the embodiment of the invention has the following beneficial effects. The certificate application information and the signature algorithm are obtained and sent to a local digital certificate authentication system. A first digital certificate generated by the digital certificate authentication system is acquired, where the first digital certificate is issued after the digital certificate authentication system verifies the certificate application information and comprises the certificate application information and the signature algorithm; the first digital certificate is saved to a certificate database. Key generation information is acquired, a key is generated, and the key is stored in the certificate database. The first digital certificate and the key are extracted from the certificate database and imported into the UKEY device. The embodiment of the invention integrates certificate generation, signing and management with UKEY device management in one certificate management system and can import the generated digital certificate and key directly into the UKEY device without third-party software, thereby improving the safety of certificate information, integrating the certificate management system with the UKEY device, reducing the size of the certificate management system, simplifying operation and improving the user experience.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic flow chart of an implementation of a certificate management method based on a UKEY device according to an embodiment of the present invention;
Fig. 2 is a flowchart illustrating a specific implementation of step S106 in Fig. 1 according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a certificate management system based on a UKEY device according to an embodiment of the present invention;
Fig. 4 is a diagram illustrating the structure of the certificate information import module in Fig. 3 according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of a terminal device according to an embodiment of the present invention.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
The terms "comprises" and "comprising," and any variations thereof, in the description and claims of this invention and the above-described drawings are intended to cover non-exclusive inclusions. For example, a process, method, or system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus. Furthermore, the terms "first," "second," and "third," etc. are used to distinguish between different objects and are not used to describe a particular order.
In order to explain the technical means of the present invention, the following description will be given by way of specific examples.
Example 1:
Fig. 1 shows the implementation flow of a certificate management method based on a UKEY device according to an embodiment of the present invention; the process is detailed as follows:
in step S101, the certificate application information and the signature algorithm selected by the user are acquired.
The embodiment is applied to a certificate management system based on a UKEY device.
In this embodiment, the certificate management system includes a certificate database, which needs to be created when the certificate management system is initially used.
In this embodiment, the certificate management system has a function of applying for a certificate. The method first obtains the certificate application information, which comprises distinguished name information: the user's country, province, city, organization, unit and individual name, plus mailbox information. The certificate application information also comprises the bit length of the public key. After being acquired, the certificate application information is stored in the certificate database and recorded as unaudited information.
In this embodiment, a signature algorithm also needs to be obtained; the signature algorithm is the algorithm used for the digital signature. A digital signature is a digital string that can be generated only by the sender of the information and cannot be forged by others, and it is also a valid proof of the authenticity of the information sent by the sender. Digital signatures are alphanumeric strings produced through a one-way function; they authenticate the source of the message and verify whether the message has been altered during transmission. The three signature algorithms most widely used at present are the Rabin signature, the DSS (Digital Signature Standard) signature and the RSA signature. In the present embodiment, the RSA signature algorithm is mainly applied.
In step S102, the certificate application information and the signature algorithm are sent to the local CA digital certificate authentication system.
In this embodiment, the certificate management system includes a local CA digital certificate authentication system, and after acquiring the certificate application information and the signature algorithm, sends the certificate application information and the signature algorithm to the CA digital certificate authentication system.
In step S103, a first digital certificate generated by the digital certificate authentication system is acquired, where the first digital certificate is issued after the digital certificate authentication system verifies the certificate application information, and the first digital certificate includes the certificate application information and a signature algorithm.
In this embodiment, the digital certificate authentication system checks the certificate application information after acquiring the certificate application information and the signature algorithm.
The digital certificate authentication system issues a first digital certificate after checking the certificate application information, and specifically comprises:
1) The digital certificate authentication system checks whether the pre-stored information of the user is consistent with the certificate application information.
2) If they are consistent, the certificate application information and the signature algorithm are synthesized into a first digital certificate.
In this embodiment, the certificate management system is local and is not networked with a third-party certificate authentication center, so that the information sending process of the certificate management system is safer.
In step S104, the first digital certificate is saved to the certificate database.
In step S105, key generation information is acquired, a key is generated, and the key is saved to the certificate database.
In this embodiment, a key is generated by obtaining key generation information, where the key is a private key and the key generation information includes a key name, a key bit length and a key storage format. After the key is generated, it is stored in the corresponding key storage module of the certificate database.
In step S106, the first digital certificate and the key are extracted from the certificate database and imported to the UKEY device.
In this embodiment, the certificate management system includes a function of importing a certificate into the UKEY device: when the first digital certificate to be imported and the target UKEY device are selected in the certificate database, the first digital certificate and the key can be imported directly into the UKEY device.
As can be seen from the above embodiment, the certificate application information and the signature algorithm are obtained and sent to a local digital certificate authentication system. A first digital certificate generated by the digital certificate authentication system is acquired, where the first digital certificate is issued after the digital certificate authentication system verifies the certificate application information, and the first digital certificate is stored in a certificate database. Key generation information is acquired, a key is generated, and the key is stored in the certificate database. The first digital certificate and the key are extracted from the certificate database and imported into the UKEY device. The embodiment of the invention integrates certificate generation, signing and management with UKEY device management in one certificate management system without third-party software, thereby improving the safety of certificate information, integrating the certificate management system with the UKEY device, making the certificate management system smaller and more compact, simplifying operation and improving the user experience.
In one embodiment, the obtaining of the certificate application information and the signature algorithm selected by the user includes:
1) acquiring the certificate application information input by the user on a certificate application interface, and storing the certificate application information in the certificate database;
2) acquiring the signature algorithm selected by the user on a certificate issuing interface.
In one embodiment, the obtaining of the certificate application information and the signature algorithm selected by the user includes: directly acquiring the certificate application information input by the user and the signature algorithm selected by the user on a certificate generation interface.
In this embodiment, when the first digital certificate issued by the certificate management system is only used in a small scope, for example when it is issued to users of a single company (unit) and no cross-authentication with a third-party certificate authentication center is performed, the certificate application information and the signature algorithm may be acquired directly on the certificate generation interface and passed to the digital certificate authentication system, which audits them and generates the first digital certificate without first storing the certificate application information.
As shown in Fig. 2, in an embodiment of the present invention, the method of step S106 in Fig. 1 specifically includes:
in step S201, when the access information of the UKEY device is detected, obtaining login password information input by the user;
in step S202, checking whether the login password information is consistent with pre-stored login password information;
in step S203, when the login password information is consistent with the pre-stored login password information, selecting the first digital certificate and the key in the certificate database, and importing the first digital certificate and the key to the UKEY device.
In this embodiment, when access information of the UKEY device is detected, the login password information is acquired first. The login password used for the first time is a default password, which may be set to 123456. The login password information input by the user is acquired and compared with the pre-stored login password information; if they are consistent, a UKEY management interface is displayed. The UKEY management interface includes a password management function, through which the login password information of the UKEY can be modified. The UKEY management interface also includes a UKEY certificate management function, which detects whether a digital certificate has already been written to the UKEY device; when it detects that no digital certificate has been written, a first digital certificate and a key are selected from the certificate database and imported directly into the UKEY device.
In this embodiment, the first digital certificate can be imported directly into the UKEY device through the certificate management system's function of importing a certificate into the UKEY device, without the cumbersome method of first exporting the first digital certificate file from the certificate management system and then importing that file into the UKEY device. The operation flow of importing the certificate into the UKEY device is thereby simplified, no third-party software is required, the risk of leakage and tampering during information transmission is reduced, and the safety of the information transmitted when importing the digital certificate into the UKEY device is ensured.
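The issuance flow of steps S101 to S105 and the gated import of steps S201 to S203, as an added Go example that is neither the patent's code nor any product of the assignee. It assumes the applicant's public key is handed to the local CA together with the application information (an X.509 certificate has to carry it), stands in for the UKEY with an in-memory struct, and adds a certificate/key pairing check that the text does not mention; ApplicationInfo, LocalCA, UKEY and the sample record used below are constructed names and values.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ApplicationInfo is the certificate application information of step S101:
// distinguished-name fields, the applicant's mailbox and the public-key size.
type ApplicationInfo struct {
	Country, Province, City, Org, Unit, Name, Email string
	KeyBits                                          int
}

// LocalCA models the local digital certificate authentication system: it issues
// against its own pre-stored user records and never contacts a third-party CA.
type LocalCA struct {
	key       *rsa.PrivateKey
	cert      *x509.Certificate
	serial    int64                      // sequential for brevity; a real CA uses random serials
	preStored map[string]ApplicationInfo // pre-stored user information, keyed by mailbox
}

func NewLocalCA() (*LocalCA, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Local CA (constructed)"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &LocalCA{key: key, cert: cert, serial: 1, preStored: map[string]ApplicationInfo{}}, err
}

// Register stores the user information the CA later checks applications against.
func (ca *LocalCA) Register(info ApplicationInfo) { ca.preStored[info.Email] = info }

// GenerateKey is step S105: the private key is generated from the key generation information (here the bit count).
func GenerateKey(bits int) (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, bits) }

// Issue is step S103. Check 1): the application must equal, field by field, the pre-stored record
// for that mailbox, and the offered public key must have the declared size. Check 2): only then are
// the application information and the selected signature algorithm synthesized into the certificate.
func (ca *LocalCA) Issue(info ApplicationInfo, pub *rsa.PublicKey, alg x509.SignatureAlgorithm) (*x509.Certificate, error) {
	if stored, ok := ca.preStored[info.Email]; !ok || info != stored || pub.N.BitLen() != info.KeyBits {
		return nil, fmt.Errorf("application for %s does not match the pre-stored user information", info.Email)
	}
	ca.serial++
	der, err := x509.CreateCertificate(rand.Reader, &x509.Certificate{
		SerialNumber: big.NewInt(ca.serial),
		Subject: pkix.Name{Country: []string{info.Country}, Province: []string{info.Province},
			Locality: []string{info.City}, Organization: []string{info.Org},
			OrganizationalUnit: []string{info.Unit}, CommonName: info.Name},
		EmailAddresses: []string{info.Email},
		NotBefore:      time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(1, 0, 0),
		KeyUsage:       x509.KeyUsageDigitalSignature, SignatureAlgorithm: alg,
	}, ca.cert, pub, ca.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// UKEY stands in for the UKEY device: a login password (the embodiment's default is
// 123456, changeable through password management) and a single certificate slot.
type UKEY struct {
	Password string
	Cert     *x509.Certificate
	Key      *rsa.PrivateKey
}

// ImportToUKEY is steps S201 to S203: the entered login password must match the stored one
// and the device must not already hold a certificate; the key/certificate pairing check is an addition.
func ImportToUKEY(dev *UKEY, entered string, cert *x509.Certificate, key *rsa.PrivateKey) error {
	if subtle.ConstantTimeCompare([]byte(entered), []byte(dev.Password)) != 1 {
		return fmt.Errorf("login password does not match the pre-stored login password")
	}
	if dev.Cert != nil {
		return fmt.Errorf("UKEY already has a digital certificate written")
	}
	if !key.PublicKey.Equal(cert.PublicKey) {
		return fmt.Errorf("certificate does not belong to the private key being imported")
	}
	dev.Cert, dev.Key = cert, key
	return nil
}
```

A mismatch in any application field, an undersized key, a wrong login password, an unrelated key or an already written device each returns an error and leaves the device untouched.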
In one embodiment, when the access information of the UKEY device is detected, the second digital certificate in the UKEY device is imported to a certificate database, and the second digital certificate in the UKEY device is backed up.
In this embodiment, when the local certificate database does not store the second digital certificate of a certain UKEY device, the second digital certificate of that UKEY device may be exported to the certificate database. When the access information of the UKEY device is detected, the login password information is verified; when the verification passes, the certificate management system displays the UKEY management interface. The UKEY certificate management function of that interface further provides that, when a certificate import instruction is obtained, the certificate management system pops up a list interface showing the UKEY device, the second digital certificate of the UKEY device is selected, and the second digital certificate is imported into the certificate database of the certificate management system, so that the certificate database backs up the second digital certificate.
As can be seen from this embodiment, the certificate management system provided in the embodiment of the present invention completes a management function on the UKEY device, and can directly import the second digital certificate in the UKEY device, so that the backup operation of the second digital certificate is simpler and the use is more convenient.
In one embodiment, after step S101, the embodiment of the present invention further includes:
exporting the certificate application information to generate a certificate application file, wherein the certificate application file is used to instruct a third-party certificate authentication center to issue and generate a third-party digital certificate.
In this embodiment, the certificate application information is exported to generate a certificate application file, so that the certificate application file is sent to the third-party certificate authentication center, and a third-party digital certificate is issued and generated in the third-party certificate authentication center, so that secure communication between a user in one certificate authentication center and a user in another certificate authentication center is possible.
In one embodiment, obtaining the certificate application information includes obtaining the certificate application information input by a user; or, acquiring the certificate application information includes acquiring the certificate application information imported by a third party certificate application file.
In this embodiment, by the above method of importing or exporting the certificate application information to the certificate authentication center of the third party, interaction with the certificate authentication center of the third party is achieved, so that secure communication between a user in one certificate authentication center and a user in another certificate authentication center is possible.
In an embodiment of the present invention, the certificate management system further supports importing a PKCS (Public-Key Cryptography Standards) #12 digital certificate. PKCS #12 is a standard format mainly used for transmitting, backing up and recovering digital certificates and their associated public or private keys in a public key encryption system. PKCS #12 is the export format commonly used to export a digital certificate together with its private key, because exporting a user's private key in a less secure way poses a security risk. PKCS #12 is used to export digital certificates to other computers, to removable media for backup, or to smart cards for smart card authentication schemes.
In an embodiment of the invention, the PKCS #12 digital certificate can be imported into the certificate database, or the PKCS #12 digital certificate in the certificate database can be exported into the UKEY device, without third-party software, so that the transmission process is safer.
In one embodiment of the present invention, the certificate management system further comprises a revoked certificate management interface for revoking, before a digital certificate expires normally, the statement of the user's permission to use that digital certificate (including the first digital certificate and the second digital certificate) stored in the certificate database. When a revoke command for a certificate is acquired, the revoked certificate management interface displays the digital certificate and the revocation reason for the corresponding digital certificate, for example: key compromised, CA compromised, affiliation change, replacement or service termination. After the revoked digital certificate expires, its entry in the revoked certificate management interface is deleted to shorten the revoked certificate list.
In this embodiment, through the certificate management method based on the UKEY device, the certificate management system integrates digital certificate generation and issuance, key generation, certificate management and UKEY device management; the digital certificate is issued by the local digital certificate authentication system, and the digital certificate can be imported and exported directly. No third-party software is needed, the certificate management system does not need to be installed, it is small in size and can be used as soon as it is copied, which facilitates the user's operation.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
Example 2:
As shown in Fig. 3, an embodiment of the present invention provides a certificate management system 100 based on a UKEY device, configured to execute the method steps in the embodiment corresponding to Fig. 1. The system includes:
and an information obtaining module 110, configured to obtain the certificate application information and the signature algorithm selected by the user.
And the information sending module 120 is configured to send the certificate application information and the signature algorithm to a local digital certificate authentication system.
The digital certificate acquisition module 130 is configured to acquire a first digital certificate issued by the digital certificate authentication system, where the first digital certificate is issued after the digital certificate authentication system verifies the certificate application information, and the first digital certificate includes the certificate application information and a signature algorithm.
The certificate storage module 140 is configured to store the first digital certificate in the certificate database.
And the key generation module 150 is configured to obtain key generation information, generate a key, and store the key in the certificate database.
And the certificate information import module 160 is configured to extract the first digital certificate and the key from the certificate database and import the first digital certificate and the key to the UKEY device.
As can be seen from the above embodiments, the certificate application information and the signature algorithm are obtained and sent to a local digital certificate authentication system. A first digital certificate issued by the digital certificate authentication system is acquired, where the first digital certificate is issued after the digital certificate authentication system verifies the certificate application information, and the first digital certificate is stored in a certificate database. Key generation information is obtained, a key is generated, and the key is stored in the certificate database. The first digital certificate and the key are then extracted from the certificate database and imported into the UKEY device. The embodiment of the invention integrates certificate generation, issuance and management together with UKEY device management in one certificate management system, which improves the security of the certificate information, integrates the certificate management system with the UKEY device, keeps the certificate management system small and convenient to operate, and improves the user experience.
As shown in fig. 4, in an embodiment of the present invention, the certificate information import module 160 in the embodiment corresponding to fig. 4 further includes a structure for executing the method steps in the embodiment corresponding to fig. 2, which includes:
a login password information obtaining unit 161, configured to obtain login password information input by the user when access information of the UKEY device is detected;
a password information checking unit 162, configured to check whether the login password information is identical to the pre-stored login password information; and
a certificate information importing unit 163, configured to select a digital certificate and a key in the certificate database and import them into the UKEY device when the login password information is identical to the pre-stored login password information.
In this embodiment, the first digital certificate can be imported directly into the UKEY device through the certificate management system's import-to-UKEY function, so the cumbersome method of first exporting a digital certificate file from the certificate management system and then importing that file into the UKEY device is not required. This simplifies the flow for importing a certificate into the UKEY device, removes the need for third-party software, and protects the information transferred when the digital certificate is imported into the UKEY device.
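As an added illustration (not the patent's code or any vendor middleware), the flow of modules 110 to 160 and units 161 to 163 in Go: the user's key and certificate application are generated, a constructed local CA checks the application and issues the first digital certificate, and a hypothetical in-memory Token stands in for the UKEY device, accepting the certificate and key only after the login password check. The PKCS#10 application format, the Token type and all names are assumptions; the page does not specify the application file format or how the device is driven.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)
// LocalCA stands in for the page's local digital certificate authentication system.
type LocalCA struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey
}
// NewLocalCA builds a self-signed CA; its name and lifetime are constructed for the example.
func NewLocalCA() (*LocalCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Local CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &LocalCA{Cert: cert, key: key}, err
}
// NewApplication is key generation plus the certificate application: a PKCS#10 request (assumed format) signed with the user's chosen algorithm.
func NewApplication(cn string, alg x509.SignatureAlgorithm) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}, SignatureAlgorithm: alg}
	csr, err := x509.CreateCertificateRequest(rand.Reader, req, key)
	return csr, key, err
}
// Issue verifies the application (its self-signature proves the applicant holds the key) and returns the first digital certificate as DER.
func (ca *LocalCA) Issue(csrDER []byte) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, errors.New("certificate application rejected: " + err.Error())
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: csr.Subject,
		SignatureAlgorithm: csr.SignatureAlgorithm, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	return x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, csr.PublicKey, ca.key)
}
// Token is a hypothetical stand-in for the UKEY device; Certs is what the page's backup step reads back.
type Token struct {
	pin   []byte // pre-stored login password (a real device keeps this inside the token)
	Certs [][]byte
	keys  []*ecdsa.PrivateKey
}
// Import writes certificate and key to the token only after the login password check of units 161 to 163.
func (t *Token) Import(pin string, certDER []byte, key *ecdsa.PrivateKey) error {
	if subtle.ConstantTimeCompare([]byte(pin), t.pin) != 1 {
		return errors.New("login password does not match")
	}
	t.Certs, t.keys = append(t.Certs, certDER), append(t.keys, key)
	return nil
}
```

Because the key is generated by the management system and only then imported, as in the page's flow, it exists outside the token until the import completes; a device that generates the key on-token avoids that exposure.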
In one embodiment, the certificate management system 100 provided by the embodiment of the present invention further includes:
a digital certificate export module, configured to export the second digital certificate in the UKEY device to the certificate database and back up the second digital certificate in the UKEY device when the access information of the UKEY device is detected.
It can be known from the foregoing embodiments that the certificate management system provided in the embodiments of the present invention can complete a management function on the UKEY device, and can directly import the second digital certificate in the UKEY device, so that the backup operation of the second digital certificate is simpler and the use is more convenient.
In one embodiment, after the information obtaining module 110, the certificate management system 100 provided by the embodiment of the present invention further includes:
a certificate application file generation module, configured to export the certificate application information and generate a certificate application file, where the certificate application file is used to instruct a third-party certificate authentication center to issue a third-party digital certificate.
It can be known from the above embodiments that, by the above method of exporting certificate application information to a certificate authority of a third party, interaction with the certificate authority of the third party is achieved, so that secure communication between a user under one certificate authority and a user under another certificate authority is possible.
Example 3:
The embodiment of the present invention further provides a terminal device 5, which includes a processor 50, a memory 51, and a computer program 52 stored in the memory 51 and executable on the processor. When the processor 50 executes the computer program 52, the steps of the embodiments described in embodiment 1, for example steps S101 to S106 shown in fig. 1, are implemented. Alternatively, when executing the computer program 52, the processor 50 implements the functions of the modules in the device embodiments described in embodiment 2, for example the functions of modules 110 to 160 shown in fig. 3.
The terminal device 5 may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing devices. The terminal device 5 may include, but is not limited to, a processor, a memory. For example, the terminal device may further include an input-output device, a network access device, a bus, and the like.
The processor 50 may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, and the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 51 may be an internal storage unit of the terminal device 5, such as a hard disk or a memory of the terminal device 5. The memory 51 may also be an external storage device of the terminal device 5, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the terminal device 5. Further, the memory may also include both an internal storage unit of the terminal device and an external storage device. The memory is used for storing the computer program and other programs and data required by the terminal device. The memory may also be used to temporarily store data that has been output or is to be output.
Example 4:
An embodiment of the present invention further provides a computer-readable storage medium in which a computer program 52 is stored. When executed by the processor 50, the computer program 52 implements the steps of the embodiments described in embodiment 1, such as steps S101 to S106 shown in fig. 1. Alternatively, when executed by the processor, the computer program 52 implements the functions of the modules in the apparatus embodiments described in embodiment 2, for example the functions of modules 110 to 160 shown in fig. 3.
The computer program 52 may be stored in a computer-readable storage medium, and when executed by the processor 50 it may implement the steps of the method embodiments described above. The computer program 52 comprises computer program code, which may be in the form of source code, object code, an executable file, some intermediate form, or the like. The computer-readable medium may include any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and the like. It should be noted that the content of the computer-readable medium may be increased or decreased as required by legislation and patent practice in a jurisdiction; for example, in some jurisdictions the computer-readable medium does not include electrical carrier signals and telecommunications signals.
The steps in the method of the embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs.
The modules or units in the system of the embodiment of the invention can be combined, divided and deleted according to actual needs.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (8)

1. A certificate management method based on UKEY equipment is characterized by comprising the following steps:
acquiring certificate application information and a signature algorithm selected by a user;
sending the certificate application information and the signature algorithm to a local digital certificate authentication system;
acquiring a first digital certificate generated by the digital certificate authentication system, wherein the first digital certificate is issued after the digital certificate authentication system verifies the certificate application information, and the first digital certificate comprises the certificate application information and the signature algorithm;
saving the first digital certificate to a certificate database;
acquiring key generation information, generating a key, and storing the key to the certificate database;
extracting the first digital certificate and the key from the certificate database and importing the first digital certificate and the key into UKEY equipment;
the extracting the first digital certificate and the key from the certificate database and importing the first digital certificate and the key to a UKEY device includes:
when the access information of the UKEY equipment is detected, acquiring login password information input by the user;
checking whether the login password information is consistent with the pre-stored login password information;
when the login password information is consistent with the pre-stored login password information, selecting the first digital certificate and the key in the certificate database, and importing the first digital certificate and the key into the UKEY equipment.
2. The UKEY device-based certificate management method of claim 1 further comprising:
when the access information of the UKEY equipment is detected, exporting the second digital certificate in the UKEY equipment to the certificate database, and backing up the second digital certificate in the UKEY equipment.
3. The method for certificate management based on a UKEY device as claimed in claim 1, wherein after obtaining the certificate application information and the signature algorithm selected by the user, the method further comprises:
exporting the certificate application information to generate a certificate application file, wherein the certificate application file is used for instructing a third-party certificate authentication center to issue and generate a third-party digital certificate.
4. The method for certificate management based on a UKEY device as claimed in claim 1, wherein the obtaining of the certificate application information comprises obtaining the certificate application information input by the user; or,
the obtaining of the certificate application information comprises obtaining the certificate application information imported from a third-party certificate application file.
5. A system for certificate management based on a UKEY device, comprising:
the information acquisition module is used for acquiring the certificate application information and the signature algorithm selected by the user;
the information sending module is used for sending the certificate application information and the signature algorithm to a local digital certificate authentication system;
a digital certificate acquisition module, configured to acquire a first digital certificate generated by the digital certificate authentication system, where the first digital certificate is issued after the digital certificate authentication system verifies the certificate application information, and the first digital certificate includes the certificate application information and the signature algorithm;
the certificate storage module is used for storing the first digital certificate to a certificate database;
the key generation module is used for acquiring key generation information, generating a key and storing the key to the certificate database;
the certificate information import module is used for extracting the first digital certificate and the key from the certificate database and importing the first digital certificate and the key into UKEY equipment;
the certificate information importing module specifically includes:
the login password information acquisition unit is used for acquiring login password information input by the user when the access information of the UKEY equipment is detected;
a password information checking unit for checking whether the login password information is consistent with pre-stored login password information;
a certificate information importing unit, configured to select the digital certificate and the key in the certificate database and import the digital certificate and the key into the UKEY equipment when the login password information is consistent with the pre-stored login password information.
6. The UKEY device-based certificate management system of claim 5, further comprising:
a digital certificate export module, configured to export the second digital certificate in the UKEY equipment to the certificate database and back up the second digital certificate in the UKEY equipment when the access information of the UKEY equipment is detected.
7. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the certificate management method according to any of claims 1 to 4 when executing the computer program.
8. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the certificate management method according to any one of claims 1 to 4.
CN201711364824.7A 2017-12-18 2017-12-18 Certificate management method and system based on UKEY equipment and terminal equipment Active CN108173659B (en)

Publications (2)

Publication Number Publication Date
CN108173659A CN108173659A (en) 2018-06-15
CN108173659B true CN108173659B (en) 2020-11-10
