CN108923931B - Electronic certificate processing method and device and computer readable storage medium - Google Patents

Publication number
CN108923931B
Authority
CN
China
Prior art keywords
electronic certificate
terminal
information
signing
prnu
Legal status
Active
Application number
CN201810680257.4A
Other languages
Chinese (zh)
Other versions
CN108923931A (en
Inventor
高宽
Current Assignee
Nubia Technology Co Ltd
Original Assignee
Nubia Technology Co Ltd
Application filed by Nubia Technology Co Ltd
Priority to CN201810680257.4A
Publication of CN108923931A
Application granted
Publication of CN108923931B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231: Biological data, e.g. fingerprint, voice or retina

Abstract

The embodiment of the invention discloses an electronic certificate processing method comprising the following steps: acquiring a first image, wherein the first image comprises first photo response non-uniformity (PRNU) information corresponding to a camera of a signing terminal; acquiring first biological identification information corresponding to a first communication account logged in on the signing terminal; acquiring an electronic certificate according to the first PRNU information and the first biological identification information, wherein the electronic certificate represents authorization information that allows a first business operation to be executed on the signing terminal when the communication account logged in on the signing terminal is the first communication account; and executing the first business operation according to the electronic certificate. The embodiment of the invention also discloses a device and a computer-readable storage medium. Implementing this scheme provides a solution for preventing the electronic certificate from being stolen.

Description

Electronic certificate processing method and device and computer readable storage medium
Technical Field
The present invention relates to the field of information technologies, and in particular, to a method and an apparatus for processing an electronic certificate, and a computer-readable storage medium.
Background
With the rapid development of internet and information technology, electronic certificates are used more and more widely. An electronic certificate, also called an electronic voucher, can be regarded as an online identity card. Electronic certificates are often used in scenarios involving user identification and electronic transactions.
An electronic certificate is characterized by preserving its integrity and confidentiality during electronic transmission.
However, an electronic certificate can still be illegally acquired, and how to prevent electronic certificates from being stolen has become an urgent problem to be solved.
Disclosure of Invention
In view of the above, embodiments of the present invention are intended to provide an electronic certificate processing method, an electronic certificate processing apparatus, and a computer-readable storage medium, which provide a solution for preventing electronic certificates from being stolen.
The technical scheme of the embodiment of the invention is realized as follows:
In a first aspect, an embodiment of the present invention provides an electronic certificate processing method, which is applied to a signing terminal, and the method includes:
acquiring a first image, wherein the first image comprises first photo response non-uniformity (PRNU) information corresponding to a camera of the signing terminal;
acquiring first biological identification information corresponding to a first communication account logged in the signing terminal;
acquiring the electronic certificate according to the first PRNU information and the first biological identification information; the electronic certificate is used for representing authorization information which allows a first business operation to be executed on the signing terminal when a communication account logged in on the signing terminal is the first communication account;
and executing the first business operation according to the electronic certificate.
In a second aspect, an embodiment of the present invention provides an electronic certificate processing method, which is applied to a server, and the method includes:
receiving an electronic certificate generation request sent by a signing terminal, wherein the electronic certificate generation request comprises: an identifier of the signing terminal, a first image collected on the signing terminal, an identifier of a first communication account logged in the signing terminal and first biological identification information corresponding to the first communication account;
extracting first PRNU information from the first image;
generating an electronic certificate according to the first PRNU information and the first biological identification information, wherein the electronic certificate is used for representing authorization information for allowing the signing terminal to execute a first service operation when a communication account logged in the signing terminal is the first communication account;
and sending the electronic certificate to the signing terminal.
In a third aspect, an embodiment of the present invention provides a terminal, where the terminal is a signing terminal, and the signing terminal at least includes: a memory, a communication bus, and a processor, wherein:
the memory is used for storing an electronic certificate processing program;
the communication bus is used for realizing connection communication between the processor and the memory;
the processor is used for executing the electronic certificate processing program stored in the memory so as to realize the following steps:
acquiring a first image, wherein the first image comprises first photo response non-uniformity (PRNU) information corresponding to a camera of the signing terminal;
acquiring first biological identification information corresponding to a first communication account logged in the signing terminal;
acquiring the electronic certificate according to the first PRNU information and the first biological identification information; the electronic certificate is used for representing authorization information which allows a first business operation to be executed on the signing terminal when a communication account logged in on the signing terminal is the first communication account;
and executing the first business operation according to the electronic certificate.
In a fourth aspect, an embodiment of the present invention provides a server, where the second network device at least includes: a memory, a communication bus, and a processor, wherein:
the memory is used for storing an electronic certificate processing program;
the communication bus is used for realizing connection communication between the processor and the memory;
the processor is used for executing the electronic certificate processing program stored in the memory so as to realize the following steps:
receiving an electronic certificate generation request sent by a signing terminal, wherein the electronic certificate generation request comprises: an identifier of the signing terminal, a first image collected on the signing terminal, an identifier of a first communication account logged in the signing terminal and first biological identification information corresponding to the first communication account;
extracting first PRNU information from the first image;
generating an electronic certificate according to the first PRNU information and the first biological identification information, wherein the electronic certificate is used for representing authorization information for allowing the signing terminal to execute a first service operation when a communication account logged in the signing terminal is the first communication account;
and sending the electronic certificate to the signing terminal.
In a fifth aspect, an embodiment of the present invention provides a computer-readable storage medium, on which an electronic certificate processing program is stored, and the electronic certificate processing program, when executed by a processor, implements the steps of the electronic certificate processing method according to the first aspect, or the electronic certificate processing program, when executed by a processor, implements the steps of the electronic certificate processing method according to the second aspect.
In the embodiment of the present invention, with the above scheme, a first image is acquired, where the first image includes first photo response non-uniformity (PRNU) information corresponding to a camera of a signing terminal; first biological identification information corresponding to a first communication account logged in on the signing terminal is acquired; an electronic certificate is acquired according to the first PRNU information and the first biological identification information, where the electronic certificate represents authorization information that allows a first business operation to be executed on the signing terminal when the communication account logged in on the signing terminal is the first communication account; and the first business operation is executed according to the electronic certificate. The technical scheme provided by the embodiment of the invention can prevent the electronic certificate from being stolen.
Drawings
Fig. 1 is a schematic diagram of a hardware structure of a mobile terminal implementing various embodiments of the present invention;
Fig. 2 is a diagram of a communication network system architecture according to an embodiment of the present invention;
Fig. 3 is a first flowchart illustrating an electronic certificate processing method according to an embodiment of the present invention;
Fig. 4 is a second flowchart illustrating an electronic certificate processing method according to an embodiment of the present invention;
Fig. 5 is a first schematic interaction flow diagram of an electronic certificate processing method according to an embodiment of the present invention;
Fig. 6 is a schematic interaction flow diagram of an electronic certificate processing method according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a terminal according to an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a server according to an embodiment of the present invention.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only to facilitate the explanation of the present invention and have no specific meaning in themselves. Thus, "module", "component" and "unit" may be used interchangeably.
The terminal may be implemented in various forms. For example, the terminal described in the present invention may include a mobile terminal such as a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a Personal Digital Assistant (PDA), a Portable Media Player (PMP), a navigation device, a wearable device, a smart band, a pedometer, and the like, and a fixed terminal such as a Digital TV, a desktop computer, and the like.
The following description will be given by way of example of a mobile terminal, and it will be understood by those skilled in the art that the construction according to the embodiment of the present invention can be applied to a fixed type terminal, in addition to elements particularly used for mobile purposes.
Referring to fig. 1, which is a schematic diagram of a hardware structure of a mobile terminal for implementing various embodiments of the present invention, the mobile terminal 100 may include: RF (Radio Frequency) unit 101, WiFi module 102, audio output unit 103, A/V (audio/video) input unit 104, sensor 105, display unit 106, user input unit 107, interface unit 108, memory 109, processor 110, and power supply 111. Those skilled in the art will appreciate that the mobile terminal architecture shown in fig. 1 is not intended to be limiting of mobile terminals, which may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
The following describes each component of the mobile terminal in detail with reference to fig. 1:
The radio frequency unit 101 may be configured to receive and transmit signals during information transmission and reception or during a call. Specifically, it receives downlink information from a base station and passes it to the processor 110 for processing; in addition, it transmits uplink data to the base station. Typically, the radio frequency unit 101 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. In addition, the radio frequency unit 101 can also communicate with a network and other devices through wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System for Mobile communications), GPRS (General Packet Radio Service), CDMA2000 (Code Division Multiple Access 2000), WCDMA (Wideband Code Division Multiple Access), TD-SCDMA (Time Division-Synchronous Code Division Multiple Access), FDD-LTE (Frequency Division Duplex Long Term Evolution), and TDD-LTE (Time Division Duplex Long Term Evolution).
WiFi belongs to short-distance wireless transmission technology, and the mobile terminal can help a user to receive and send e-mails, browse webpages, access streaming media and the like through the WiFi module 102, and provides wireless broadband internet access for the user. Although fig. 1 shows the WiFi module 102, it is understood that it does not belong to the essential constitution of the mobile terminal, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The audio output unit 103 may convert audio data received by the radio frequency unit 101 or the WiFi module 102 or stored in the memory 109 into an audio signal and output as sound when the mobile terminal 100 is in a call signal reception mode, a call mode, a recording mode, a voice recognition mode, a broadcast reception mode, or the like. Also, the audio output unit 103 may also provide audio output related to a specific function performed by the mobile terminal 100 (e.g., a call signal reception sound, a message reception sound, etc.). The audio output unit 103 may include a speaker, a buzzer, and the like.
The A/V input unit 104 is used to receive audio or video signals. The A/V input unit 104 may include a Graphics Processing Unit (GPU) 1041 and a microphone 1042. The graphics processor 1041 processes image data of still pictures or video obtained by an image capturing device (e.g., a camera) in a video capturing mode or an image capturing mode. The processed image frames may be displayed on the display unit 106. The image frames processed by the graphics processor 1041 may be stored in the memory 109 (or other storage medium) or transmitted via the radio frequency unit 101 or the WiFi module 102. The microphone 1042 may receive sounds in a phone call mode, a recording mode, a voice recognition mode, or the like, and may process such sounds into audio data. In the phone call mode, the processed audio (voice) data may be converted into a format that can be transmitted to a mobile communication base station via the radio frequency unit 101. The microphone 1042 may implement various types of noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference generated in the course of receiving and transmitting audio signals.
The mobile terminal 100 also includes at least one sensor 105, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor includes an ambient light sensor that can adjust the brightness of the display panel 1061 according to the brightness of ambient light, and a proximity sensor that can turn off the display panel 1061 and/or a backlight when the mobile terminal 100 is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications of recognizing the posture of a mobile phone (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a fingerprint sensor, a pressure sensor, an iris sensor, a molecular sensor, a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured on the mobile phone, further description is omitted here.
The display unit 106 is used to display information input by a user or information provided to the user. The Display unit 106 may include a Display panel 1061, and the Display panel 1061 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.
The user input unit 107 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the mobile terminal. Specifically, the user input unit 107 may include a touch panel 1071 and other input devices 1072. The touch panel 1071, also referred to as a touch screen, may collect a touch operation performed by a user on or near the touch panel 1071 (e.g., an operation performed by the user on or near the touch panel 1071 using a finger, a stylus, or any other suitable object or accessory), and drive a corresponding connection device according to a predetermined program. The touch panel 1071 may include two parts of a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 110, and can receive and execute commands sent by the processor 110. In addition, the touch panel 1071 may be implemented in various types, such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. In addition to the touch panel 1071, the user input unit 107 may include other input devices 1072. In particular, other input devices 1072 may include, but are not limited to, one or more of a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like, and are not limited to these specific examples.
Further, the touch panel 1071 may cover the display panel 1061, and when the touch panel 1071 detects a touch operation thereon or nearby, the touch panel 1071 transmits the touch operation to the processor 110 to determine the type of the touch event, and then the processor 110 provides a corresponding visual output on the display panel 1061 according to the type of the touch event. Although the touch panel 1071 and the display panel 1061 are shown in fig. 1 as two separate components to implement the input and output functions of the mobile terminal, in some embodiments, the touch panel 1071 and the display panel 1061 may be integrated to implement the input and output functions of the mobile terminal, and is not limited herein.
The interface unit 108 serves as an interface through which at least one external device is connected to the mobile terminal 100. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The interface unit 108 may be used to receive input (e.g., data information, power, etc.) from external devices and transmit the received input to one or more elements within the mobile terminal 100 or may be used to transmit data between the mobile terminal 100 and external devices.
The memory 109 may be used to store software programs as well as various data. The memory 109 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 109 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The processor 110 is a control center of the mobile terminal, connects various parts of the entire mobile terminal using various interfaces and lines, and performs various functions of the mobile terminal and processes data by operating or executing software programs and/or modules stored in the memory 109 and calling data stored in the memory 109, thereby performing overall monitoring of the mobile terminal. Processor 110 may include one or more processing units; preferably, the processor 110 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 110.
The mobile terminal 100 may further include a power supply 111 (e.g., a battery) for supplying power to various components, and preferably, the power supply 111 may be logically connected to the processor 110 via a power management system, so as to manage charging, discharging, and power consumption management functions via the power management system.
Although not shown in fig. 1, the mobile terminal 100 may further include a bluetooth module or the like, which is not described in detail herein.
In order to facilitate understanding of the embodiments of the present invention, a communication network system on which the mobile terminal of the present invention is based is described below.
Referring to fig. 2, fig. 2 is an architecture diagram of a communication Network system according to an embodiment of the present invention, where the communication Network system is an LTE system of a universal mobile telecommunications technology, and the LTE system includes a UE (User Equipment) 201, an E-UTRAN (Evolved UMTS Terrestrial Radio Access Network) 202, an EPC (Evolved Packet Core) 203, and an IP service 204 of an operator, which are in communication connection in sequence.
Specifically, the UE201 may be the terminal 100 described above, and is not described herein again.
The E-UTRAN202 includes eNodeB2021 and other eNodeBs 2022, among others. Among them, the eNodeB2021 may be connected with other eNodeB2022 through backhaul (e.g., X2 interface), the eNodeB2021 is connected to the EPC203, and the eNodeB2021 may provide the UE201 access to the EPC 203.
The EPC203 may include an MME (Mobility Management Entity) 2031, an HSS (Home Subscriber Server) 2032, other MMEs 2033, an SGW (Serving gateway) 2034, a PGW (PDN gateway) 2035, and a PCRF (Policy and Charging Rules Function) 2036, and the like. The MME2031 is a control node that handles signaling between the UE201 and the EPC203, and provides bearer and connection management. HSS2032 is used to provide registers to manage functions such as home location register (not shown) and holds subscriber specific information about service characteristics, data rates, etc. All user data may be sent through SGW2034, PGW2035 may provide IP address assignment for UE201 and other functions, and PCRF2036 is a policy and charging control policy decision point for traffic data flow and IP bearer resources, which selects and provides available policy and charging control decisions for a policy and charging enforcement function (not shown).
The IP services 204 may include the internet, intranets, IMS (IP Multimedia Subsystem), or other IP services, among others.
Although the LTE system is described as an example, it should be understood by those skilled in the art that the present invention is not limited to the LTE system, but may also be applied to other wireless communication systems, such as GSM, CDMA2000, WCDMA, TD-SCDMA, and future new network systems.
Based on the above mobile terminal hardware structure and communication network system, the present invention provides various embodiments of the method.
The electronic certificate in the embodiment of the invention may be an ID string, a two-dimensional code, an electronic identity card, or the like. The electronic certificate may be stolen while being transmitted over a network or while being viewed on the signing terminal that acquires it. The embodiment of the invention aims to provide an electronic certificate acquisition method that prevents electronic certificates from being stolen.
An application scenario and an implementation of the electronic certificate processing method provided by the embodiment of the present invention are described below, taking a signing terminal and a server as examples.
In the embodiment of the invention, a client of an application may be deployed on the signing terminal, and the server may be a server that provides the application service. The signing terminal communicates with the server side on the server through the client. The server can determine the service authority or the digital resource corresponding to a communication account or service account according to the account logged in on the client, and generate the electronic certificate for that communication account or service account. After acquiring the electronic certificate, the client on the signing terminal can use the service authority or digital resource corresponding to it. For example, the service authority may be a call authority with a call duration of 1 month, and the digital resource may be 10,000 yuan stored in a fund account.
The electronic certificate processing method provided by the embodiment of the invention can be applied to the transmission process and the use process of the electronic certificate.
The electronic certificate processing method provided by the embodiment of the invention is respectively explained by taking a signing terminal and a server as examples.
The embodiment of the invention provides an electronic certificate processing method. The execution subject of this embodiment may be a terminal; because the terminal can sign a contract on a server and has the authority to execute a first service operation, it can be called a signing terminal. Fig. 3 is a first schematic flowchart of an electronic certificate processing method according to an embodiment of the present invention. As shown in fig. 3, the method may include the following steps:
Step S301, a first image is acquired, where the first image includes first PRNU information corresponding to a camera of the signing terminal.
In the embodiment of the invention, due to the production process, the camera has some digital imaging defects, the defects are represented in an image shot by the camera and can be called as Photo Response Non-Uniformity (PRNU) information of the camera, and the PRNU of each camera is different. For example, PRNU information for a camera may include that in an image captured by the camera, the color value of the pixel at position a is lower than the true color value of the object by an approximately fixed value, and the color value of the pixel at position B is higher than the true color value of the object by an approximately fixed value. Since the PRNU information corresponding to different cameras is different, the PRNU information can be used as identification information for distinguishing the cameras, and further, different terminals can be identified according to the PRNU information of the cameras.
In the embodiment of the invention, the first image can be acquired by using the camera of the signing terminal. In other embodiments of the present invention, the first image may further include detection information, where the detection information is used to ensure that the first image is damaged after the first PRNU information is extracted, so as to ensure that the first image can only be extracted once with the first PRNU information, thereby ensuring security of the first image during transmission. In other embodiments of the present invention, the probe information may be added to the first image using software techniques.
Step S302, first biological identification information corresponding to a first communication account logged in a signing terminal is obtained.
In the embodiment of the present invention, the signing terminal may provide multiple applications (APPs); illustratively, the signing terminal may have multiple clients installed on it. The user of the signing terminal can enter the name of a communication account or service account to log in to a client on the signing terminal.
In the embodiment of the present invention, the biometric information may be acquired by a camera or a biometric information acquisition device. The biometric information may be a face, a fingerprint, an iris, a sound wave, etc. The biometric information may serve as a password to authenticate the communication account. For example, the first biometric information may be a password for logging in the first communication account to the client on the sign-up terminal. In other embodiments of the present invention, the first biometric information may also be used as an identifier of the first communication account.
Step S303, acquiring an electronic certificate according to the first PRNU information and the first biological identification information; the electronic certificate is used for representing authorization information which allows the signing terminal to execute the first service operation when the communication account logged in on the signing terminal is the first communication account.
In an embodiment of the present invention, the acquiring the electronic certificate according to the first PRNU information and the first biometric information may be implemented in the following manner.
In a first embodiment, the signing terminal may directly obtain the unencrypted electronic certificate according to the first PRNU information and the first biometric information.
In an example, the signing terminal may send an electronic certificate generation request to a server, where the electronic certificate generation request may include: a first image containing the first PRNU information, and an identifier of the signing terminal. After receiving the electronic certificate generation request, the server extracts the first PRNU information from the first image, looks up in its own memory the signing PRNU information corresponding to the identifier of the signing terminal, and compares the first PRNU information with the signing PRNU information. If the comparison result is consistent, the server confirms that the verification is successful, that is, that the electronic certificate generation request was sent by the signing terminal. After the verification is successful, the server can generate the electronic certificate corresponding to the signing terminal and send the electronic certificate to the signing terminal. In other embodiments of the present invention, the signing PRNU information corresponding to the signing terminal may be sent to the server by the signing terminal before the electronic certificate generation request is sent, and stored by the server in its own memory.
In the second embodiment, the signing terminal may first acquire the encrypted electronic certificate according to the first PRNU information and/or the first biometric information, and then acquire the decrypted electronic certificate according to the first PRNU information and/or the first biometric information.
The encrypted electronic certificate may be encrypted by the server according to PRNU information corresponding to the signing terminal and then sent to the signing terminal, where the PRNU information corresponding to the signing terminal may be the first PRNU information or the signing PRNU information of the signing terminal stored in the server itself.
In an example, the signing terminal may send an electronic certificate generation request to a server, where the electronic certificate generation request may include: the identifier of the signing terminal, the identifier of the first communication account and the first biological identification information. After receiving the electronic certificate generation request, the server queries its own memory for the signing biological identification information corresponding to the first communication account according to the identifier of the first communication account, and compares the first biological identification information with the signing biological identification information. If the comparison result is consistent, the verification is confirmed to be successful, that is, the electronic certificate generation request is confirmed to have been sent by a signing terminal on which the first communication account is logged in, and an electronic certificate is generated.
In another example, the signing terminal may send an electronic certificate generation request to the server, where the electronic certificate generation request may include: a first image containing the first PRNU information, and an identifier of the signing terminal. After receiving the electronic certificate generation request, the server extracts the first PRNU information from the first image, looks up in its own memory the signing PRNU information corresponding to the identifier of the signing terminal, and compares the first PRNU information with the signing PRNU information. If the comparison result is consistent, the server confirms that the verification is successful, that is, that the electronic certificate generation request was sent by the signing terminal. After the verification is successful, the server can also take the PRNU information corresponding to the signing terminal as an encryption key, encrypt the electronic certificate, and send the encrypted electronic certificate to the signing terminal. The PRNU information corresponding to the signing terminal may be the first PRNU information or the signing PRNU information of the signing terminal stored in the server itself, and the biometric information corresponding to the first communication account may be the first biometric information or the signing biometric information of the first communication account stored in the server itself.
In yet another example, the signing terminal may send an electronic certificate generation request to the server, where the electronic certificate generation request may include: the first image containing the first PRNU information, an identifier of the signing terminal, an identifier of the first communication account, and the first biometric information. After receiving the electronic certificate generation request, the server extracts the first PRNU information from the first image, looks up in its own memory the signing PRNU information corresponding to the identifier of the signing terminal, and looks up in its own memory the signing biometric information corresponding to the identifier of the first communication account. It then compares the first PRNU information with the signing PRNU information and the first biometric information with the signing biometric information. If the comparison result is consistent, the server confirms that the verification is successful, that is, that the electronic certificate generation request was sent by the signing terminal on which the first communication account is logged in. After the verification is successful, the server may use the PRNU information corresponding to the signing terminal and/or the biometric information corresponding to the first communication account as the encryption key, encrypt the electronic certificate, and send the encrypted electronic certificate to the signing terminal. The PRNU information corresponding to the signing terminal may be the first PRNU information or the signing PRNU information of the signing terminal stored in the server itself, and the biometric information corresponding to the first communication account may be the first biometric information or the signing biometric information of the first communication account stored in the server itself.
For example, the server may encrypt the electronic certificate using PRNU information corresponding to the signing terminal as an encryption key, and send the encrypted electronic certificate to the signing terminal; alternatively, the server may encrypt the electronic certificate using the biometric information corresponding to the first communication account as an encryption key, and transmit the encrypted electronic certificate to the signing terminal.
In the embodiment of the present invention, after acquiring the encrypted electronic certificate, the signing terminal may decrypt the encrypted electronic certificate by using the first PRNU information as a decryption key, so as to obtain the decrypted electronic certificate. Alternatively, the signing terminal may capture a second image using the camera, extract second PRNU information from the second image, and then obtain the decrypted electronic certificate using the second PRNU information as a decryption key.
In other embodiments of the present invention, the server may also use another key that is negotiated with the signing terminal in advance as the encryption key to encrypt the electronic certificate.
Step S304, according to the electronic certificate, executing a first business operation.
In the embodiment of the present invention, after acquiring the electronic certificate, the signing terminal may extract the identifier of the first service operation from the electronic certificate, and then execute the first service operation on the signing terminal. The first service operation may be, for example, opening an application on the signing terminal or using a sub-function in the application. For example, the application program may be an open game application, a payment application, or a communication application; a sub-function in the game application may be, for example, a paid game scene or a game scene that only a specific user is allowed to open; a sub-function in the payment application may be, for example, a password-free payment function; and a sub-function in the communication application may be, for example, an open video call function.
In other embodiments of the present invention, the encrypted electronic certificate may be received from the server, or may be read from a memory of the signing terminal itself. After the signing terminal decrypts the encrypted electronic certificate to obtain a decrypted electronic certificate and executes the first service operation according to the decrypted electronic certificate, the signing terminal can delete the decrypted electronic certificate. When the first service operation needs to be executed again later, the signing terminal then re-executes the steps of acquiring the first image and the first biological identification information corresponding to the first communication account, and acquiring the electronic certificate according to the first PRNU information in the first image and the first biological identification information.
In other embodiments of the present invention, before acquiring the electronic certificate generation request, the signing terminal may acquire a service request. The service request may be initiated by a user in a client on the signing terminal and may be used to request the signing terminal to execute a first service operation; the signing terminal may then acquire the electronic certificate according to the service request. In other embodiments of the present invention, the signing terminal may send an electronic certificate generation request to the server, where the electronic certificate generation request carries an identifier of the first service operation, so that the server, after successfully verifying the identity of the signing terminal, generates an electronic certificate that includes the authorization information allowing the signing terminal to execute the first service operation.
In other embodiments of the present invention, the server may further use a pre-negotiated public key to perform secondary encryption on the electronic certificate that has already been encrypted with the PRNU information corresponding to the signing terminal as the encryption key, and send the twice-encrypted electronic certificate to the signing terminal. Correspondingly, after receiving the twice-encrypted electronic certificate, the signing terminal can first perform a primary decryption using the pre-negotiated private key corresponding to the public key, and then perform a secondary decryption on the result, using the PRNU information corresponding to the signing terminal as the decryption key, to obtain the original electronic certificate.
In the embodiment of the present invention, with the above scheme, a first image is obtained, where the first image includes first Photo Response Non-Uniformity (PRNU) information corresponding to a camera of the signing terminal; first biological identification information corresponding to a first communication account logged in on the signing terminal is acquired; an electronic certificate is acquired according to the first PRNU information and the first biological identification information, where the electronic certificate is used for indicating authorization information which allows a first business operation to be executed on the signing terminal when the communication account logged in on the signing terminal is the first communication account; and the first business operation is executed according to the electronic certificate. The technical scheme provided by the embodiment of the invention can prevent the electronic certificate from being stolen.
In other embodiments of the present invention, on one hand, after the server generates the electronic certificate to be issued to the signing terminal, the server encrypts the electronic certificate using the PRNU information of the signing terminal as the input parameter of the encryption algorithm, and then sends the electronic certificate to the signing terminal, so that the security during the transmission process of issuing the electronic certificate to the signing terminal can be ensured. On the other hand, when the signing terminal needs to use the electronic certificate to request the service right from the server, the PRNU information of the signing terminal can be used as the input parameter of the encryption algorithm to encrypt the electronic certificate, and then the electronic certificate is sent to the server, so that the encrypted electronic certificate for obtaining the service right can be sent to the server by the signing terminal corresponding to the electronic certificate, and the electronic certificate can be guaranteed to be used only on the signing terminal.
An embodiment of the present invention provides an electronic certificate processing method, where an execution subject in the embodiment of the present invention may be a server, and fig. 4 is a flowchart illustrating the electronic certificate processing method according to the embodiment of the present invention, and as shown in fig. 4, the method may include the following steps:
Step S401, receiving an electronic certificate generation request sent by a signing terminal, where the electronic certificate generation request may include: the identifier of the signing terminal, a first image collected on the signing terminal, the identifier of a first communication account logged in on the signing terminal, and first biological identification information corresponding to the first communication account.
In other embodiments of the present invention, the electronic certificate generation request may further include an identification of the first business operation.
In step S402, first PRNU information is extracted from the first image.
Wherein the server may extract the first PRNU information from the first image using a PRNU extraction algorithm.
Step S403, generating an electronic certificate according to the first PRNU information and the first biometric information, where the electronic certificate is used to indicate authorization information that allows the signing terminal to execute the first service operation when the communication account logged in the signing terminal is the first communication account.
The details of the technical solution of this step can be referred to the description in step S303.
Step S404, sending the electronic certificate to the signing terminal.
The details of the technical solution of this step can be referred to the description in step S303.
The technical concept, technical solution details and technical effects in the embodiment of the present invention can be seen from the related description in the embodiment shown in fig. 3.
The embodiment of the invention provides an electronic certificate processing method. Fig. 5 is a first schematic interaction flow diagram of an electronic certificate processing method according to an embodiment of the present invention, as shown in fig. 5, the method may include the following steps:
Step S501, the signing terminal acquires a first image, where the first image includes first PRNU information corresponding to a camera of the signing terminal.
Wherein the step is similar to step S301.
Step S502, the signing terminal acquires first biological identification information corresponding to the first communication account.
Wherein the step is similar to step S302.
Step S504, the server verifies the identity of the signing terminal and the first communication account according to the first image and/or the first biological identification information.
For this step, refer to the description in step S303.
Step S505, after the server successfully verifies the identity, generating the electronic certificate.
The server can generate the electronic certificate without encryption after the identity authentication is successful. In other embodiments of the present invention, the server may encrypt the electronic certificate with PRNU information corresponding to the signing terminal and/or biometric information corresponding to the first communication account to obtain an encrypted electronic certificate. For the method of obtaining the encrypted electronic certificate, refer to the description in step S303.
In other embodiments of the present invention, steps S504 and S505 are not steps that must be performed. For example, the server may not perform authentication on the signing terminal and the first communication account, but directly generate the electronic certificate after receiving the electronic certificate generation request, encrypt the electronic certificate by using PRNU information corresponding to the signing terminal and/or biometric information corresponding to the first communication account as an encryption key to obtain the encrypted electronic certificate, and directly send the encrypted electronic certificate to the signing terminal.
Step S506, the server sends the electronic certificate to the signing terminal.
The server can directly send the unencrypted certificate to the signing terminal, and can also send the encrypted electronic certificate to the signing terminal.
Step S507, the signing terminal extracts authorization information of the first service operation from the electronic certificate, and executes the first service operation.
If the server sends the encrypted electronic certificate to the signing terminal, the signing terminal can decrypt the electronic certificate according to the PRNU information corresponding to the signing terminal and/or the biometric information corresponding to the first communication account to obtain the decrypted electronic certificate. The PRNU information corresponding to the signing terminal may be the first PRNU information, or may be second PRNU information extracted from a second image acquired by the signing terminal using a camera; the biometric information corresponding to the first communication account may be the first biometric information, or may be second biometric information collected by the signing terminal using the biometric device.
It should be noted that the decryption key used by the signing terminal should correspond to the encryption key used by the server. For example, when the server encrypts by using the PRNU information, the signing terminal decrypts by using the PRNU information; when the server encrypts by using the biological identification information, the signing terminal decrypts by using the biological identification information; if the server encrypts first with the PRNU information and a second time with the biological identification information, the signing terminal decrypts first with the biological identification information and a second time with the PRNU information.
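The layering order described above, as an added example that is not part of the patent text: the server applies the PRNU layer first and the biometric layer second, so the signing terminal must remove the biometric layer first. The byte templates, labels and function names are assumptions for illustration; the templates are assumed to be already stabilised to identical bytes on both sides, and the HMAC-based cipher is a standard-library stand-in for an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import os

# Constructed sample values; real templates would come from PRNU/biometric
# extraction followed by a stabilisation step (assumed, not shown).
PRNU = b"constructed-prnu-template-of-signing-terminal"
BIO = b"constructed-biometric-template-of-first-account"
CERT = b'{"account": "first-account", "operation": "first-service-operation"}'


def derive_key(template: bytes, label: bytes) -> bytes:
    """Map a stabilised PRNU or biometric template to a 32-byte key."""
    return hmac.new(label, template, hashlib.sha256).digest()


def _subkey(key: bytes, purpose: bytes) -> bytes:
    """Separate encryption and MAC keys derived from one layer key."""
    return hmac.new(key, purpose, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a keystream generator."""
    stream, counter = b"", 0
    while len(stream) < length:
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return stream[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key fails loudly."""
    if len(blob) < 48:
        raise ValueError("truncated certificate")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified certificate")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def server_issue(cert: bytes, prnu: bytes, bio: bytes) -> bytes:
    """Server side: PRNU layer first (inner), biometric layer second (outer)."""
    inner = seal(derive_key(prnu, b"prnu-layer"), cert)
    return seal(derive_key(bio, b"bio-layer"), inner)


def terminal_open(blob: bytes, prnu: bytes, bio: bytes) -> bytes:
    """Terminal side: remove the biometric layer first, then the PRNU layer."""
    inner = unseal(derive_key(bio, b"bio-layer"), blob)
    return unseal(derive_key(prnu, b"prnu-layer"), inner)


def terminal_open_wrong_order(blob: bytes, prnu: bytes, bio: bytes) -> bytes:
    """Same keys applied in the encryption order; rejected at the outer tag."""
    inner = unseal(derive_key(prnu, b"prnu-layer"), blob)
    return unseal(derive_key(bio, b"bio-layer"), inner)


if __name__ == "__main__":
    sealed = server_issue(CERT, PRNU, BIO)
    print(terminal_open(sealed, PRNU, BIO) == CERT)
```

Because each layer is authenticated, a terminal holding a different PRNU template or applying the keys in the wrong order gets an error rather than garbage plaintext.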
In this way, in the embodiment of the present invention, a terminal that has not signed up for the electronic certificate service cannot obtain the PRNU information of the signing terminal that has signed up for the service, which ensures that the electronic certificate can only be used by the signing terminal. Further, since the biometric information of the first communication account used to encrypt or decrypt the electronic certificate at the signing terminal is collected by the signing terminal, it is ensured that the electronic certificate can only be used by the first communication account logged in on the signing terminal. Therefore, the electronic certificate acquisition mode provided by the embodiment of the invention can prevent the electronic certificate from being stolen, during its transmission and its use, by a terminal that has not signed up for the electronic certificate service or by a communication account or user that has not signed up for the electronic certificate service.
Other technical scheme details and technical effects of the embodiment of the invention can refer to the relevant descriptions in other embodiments of the invention.
The embodiment of the invention provides an electronic certificate processing method. Fig. 6 is a second schematic interaction flow diagram of an electronic certificate processing method according to an embodiment of the present invention. As shown in Fig. 6, the method may include the following steps:
Step S601, the signing terminal acquires a first image by using its own camera.
The signing terminal can shoot a first image by using a camera of the signing terminal.
In an embodiment of the present invention, acquiring the first image by using the camera of the signing terminal may further include: shooting a second image by using the camera of the signing terminal; and adding detection information to the second image to obtain the first image, where the detection information is designed to be damaged once the PRNU information of the signing terminal has been acquired from the first image. That is, when an illegal server intercepts the first image and extracts the PRNU information from it, the detection information in the first image is destroyed. After the server receives the first image, it can check whether the detection information is damaged; if the detection information is not damaged, it can confirm that the first image has not been intercepted or modified by an illegal server.
Step S602, the signing terminal collects first biometric information corresponding to the first communication account.
In other embodiments of the present invention, the biometric information collecting device may be a fingerprint collecting device, an iris collecting device, a face recognizing device, a sound wave collecting device, or the like.
Step S603, the signing terminal sends an electronic certificate generation request to the server, where the electronic certificate generation request carries the first image and the first biometric information.
The signing terminal may encrypt the first image carried in the electronic certificate generation request by using a public key and an encryption algorithm negotiated with the server in advance.
Step S604, the server extracts first PRNU information corresponding to the signing terminal from the first image.
The server may extract, from the first image, first PRNU information corresponding to the signing terminal, that is, PRNU information of a camera of the signing terminal, by using a PRNU extraction algorithm.
In other embodiments of the present invention, the server may decrypt the first image carried in the electronic certificate generation request by using a private key and a decryption algorithm corresponding to a public key agreed in advance by the signing terminal, so as to obtain the decrypted first image.
Step S605, the server performs validity check on the electronic certificate generation request according to the first biometric information carried in the electronic certificate generation request and/or the first PRNU information corresponding to the signing terminal extracted from the first image, and if the check is passed, executes step S606.
In the embodiment of the present invention, the validity checking process may include:
The server compares the biological identification information carried in the electronic certificate generation request with the signing biological identification information corresponding to the first communication account stored in the server in advance; and/or compares the first PRNU information extracted from the first image with the signing PRNU information corresponding to the signing terminal stored by the server.
If the comparison result is consistent, the validity check of the electronic certificate generation request can be confirmed to be passed.
In another embodiment of the present invention, before the performing the validity check on the electronic certificate generation request according to the first biometric information carried in the electronic certificate generation request and/or the first PRNU information corresponding to the signing terminal extracted from the first image, the method may include:
Judging whether the detection information in the first image is damaged;
and, if the detection information is not damaged, performing the step of verifying the validity of the electronic certificate generation request according to at least one of the first biological identification information carried in the electronic certificate generation request and the first PRNU information corresponding to the signing terminal extracted from the first image.
Step S606, the server generates an electronic certificate of the signing terminal.
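The PRNU comparison in the validity check, as an added example that is not part of the patent text: two shots from the same camera never yield identical PRNU estimates, so "consistent" has to mean a correlation above a threshold. The simulated sensor, the 3x3 mean denoiser, the fingerprint estimator and the 0.3 threshold are assumptions chosen for this constructed data, not values from the patent.

```python
import math
import random

SIZE = 24  # constructed sensor of SIZE x SIZE pixels


def make_sensor(seed):
    """Constructed per-camera PRNU: a fixed multiplicative gain error per pixel."""
    rng = random.Random(seed)
    return [[rng.gauss(0.0, 0.03) for _ in range(SIZE)] for _ in range(SIZE)]


def capture(prnu, seed):
    """Simulate one shot: smooth scene * (1 + PRNU) + random per-shot noise."""
    rng = random.Random(seed)
    base, dx, dy = rng.uniform(90, 160), rng.uniform(-1, 1), rng.uniform(-1, 1)
    return [[(base + dx * x + dy * y) * (1.0 + prnu[y][x]) + rng.gauss(0.0, 2.0)
             for x in range(SIZE)] for y in range(SIZE)]


def residual(img):
    """Noise residual: the image minus its 3x3 local mean (a crude denoiser)."""
    out = []
    for y in range(SIZE):
        row = []
        for x in range(SIZE):
            ys = range(max(0, y - 1), min(SIZE, y + 2))
            xs = range(max(0, x - 1), min(SIZE, x + 2))
            mean = sum(img[j][i] for j in ys for i in xs) / (len(ys) * len(xs))
            row.append(img[y][x] - mean)
        out.append(row)
    return out


def enroll(images):
    """Signing PRNU estimate from several shots: K = sum(W * I) / sum(I * I)."""
    num = [[0.0] * SIZE for _ in range(SIZE)]
    den = [[0.0] * SIZE for _ in range(SIZE)]
    for img in images:
        res = residual(img)
        for y in range(SIZE):
            for x in range(SIZE):
                num[y][x] += res[y][x] * img[y][x]
                den[y][x] += img[y][x] ** 2
    return [[num[y][x] / den[y][x] for x in range(SIZE)] for y in range(SIZE)]


def correlation(a, b):
    """Normalised (mean-subtracted) correlation of two pixel grids."""
    fa = [v for row in a for v in row]
    fb = [v for row in b for v in row]
    ma, mb = sum(fa) / len(fa), sum(fb) / len(fb)
    num = sum((p - ma) * (q - mb) for p, q in zip(fa, fb))
    den = math.sqrt(sum((p - ma) ** 2 for p in fa) * sum((q - mb) ** 2 for q in fb))
    return num / den if den else 0.0


def score(img, fingerprint):
    """Correlate the image's residual with the pattern the fingerprint predicts."""
    expected = [[img[y][x] * fingerprint[y][x] for x in range(SIZE)]
                for y in range(SIZE)]
    return correlation(residual(img), expected)


def verify_request(first_image, signing_prnu, threshold=0.3):
    """Server-side check: accept only if the first image matches the enrolment."""
    return score(first_image, signing_prnu) >= threshold


if __name__ == "__main__":
    signing_cam, other_cam = make_sensor(1), make_sensor(2)
    enrolled = enroll([capture(signing_cam, 100 + i) for i in range(8)])
    print("signing terminal:", round(score(capture(signing_cam, 200), enrolled), 3))
    print("other terminal:  ", round(score(capture(other_cam, 201), enrolled), 3))
```

The same noise is the reason a raw PRNU estimate cannot be hashed directly into an encryption key: the estimate has to be stabilised first so that both sides derive identical bytes.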
The server can generate the electronic certificate of the signing terminal according to the service authority signed by the signing terminal and the electronic certificate generation algorithm which are stored in the server in advance. In other embodiments of the present invention, the electronic certificate generation request may also carry a service right to be requested, and then the server may generate the electronic certificate of the signing terminal according to the service right requested by the signing terminal.
In step S607, the server encrypts the electronic certificate of the signing terminal using the first PRNU information corresponding to the signing terminal as an encryption key, to obtain the electronic certificate for use on the signing terminal.
Wherein the step is similar to S301.
Step S608, the server sends the encrypted electronic certificate to the signing terminal.
Wherein the step is similar to S302. In other embodiments of the present invention, a validity period of use may further be set for the encrypted electronic certificate. After the validity period of use expires, the signing terminal may resend the electronic certificate to the server to obtain the service right corresponding to the electronic certificate, as described in the following steps.
Step S609, the signing terminal shoots a third image by using its camera, and extracts third PRNU information corresponding to the signing terminal from the third image.
Step S610, the signing terminal decrypts the encrypted electronic certificate by using the third PRNU information as a decryption key to obtain the decrypted electronic certificate.
In the embodiment of the invention, after the signing terminal obtains the decrypted electronic certificate, the first communication account can be allowed to use the service authority corresponding to the electronic certificate on the signing terminal. For example, the business authority may be to allow the address book to be opened, to allow some client applications to be used, or to purchase goods using a coupon.
In another embodiment of the present invention, if the server encrypts the electronic certificate using the biometric information corresponding to the first communication account and the PRNU corresponding to the signing terminal as encryption keys, and then sends the encrypted electronic certificate to the signing terminal, the server may further include:
Collecting third biological identification information of the first communication account; and decrypting the encrypted electronic certificate by using the third PRNU information and the third biological identification information as decryption keys to obtain the decrypted electronic certificate.
In other embodiments of the present invention, in order to prevent the electronic certificate acquired by the signing terminal from being acquired by other users, and thus stolen by other users or by other terminals that have not signed up for the electronic certificate service, the electronic certificate acquisition method provided in the embodiments of the present invention may further include the following steps.
The signing terminal may capture a fourth image and extract fourth PRNU information from the fourth image and, at the same time, acquire fourth biometric information of the user corresponding to the first communication account. It then encrypts the electronic certificate according to the fourth PRNU information and the fourth biometric information, adds the encrypted electronic certificate to the service request, and sends the service request to the server. After receiving the service request, the server may decrypt the electronic certificate using the signing PRNU information of the signing terminal and the signing biometric information of the first communication account stored in the server and, if decryption is successful, provide the service corresponding to the requested service authority to the signing terminal.
It should be noted that the first image, the second image, the third image, and the fourth image acquired in the embodiment of the present invention are all captured in an environment that is not completely dark; for example, when these images are taken, the camera must not be completely covered and the images must not be taken in a completely dark environment.
In other embodiments of the present invention, steps S601 and S602 may also be implemented as follows. First, the user operates a client application on the signing terminal, for example by logging in to the client with a first communication account. The client then collects first biological identification information of the user and verifies the first communication account used by the user according to the signing biological identification information of the first communication account pre-stored locally on the signing terminal. If the first communication account is successfully verified according to the collected first biological identification information, it is determined that the first communication account used to log in to the client is a legal first communication account and that the user to whom the first biological identification information belongs is the legal user corresponding to the first communication account. After the communication account is successfully verified, the signing terminal may acquire a first image using the camera and embed the first biological identification information and a detection signal into the first image. Finally, the signing terminal carries the first image in an electronic certificate generation request and sends the request to the server. In one example, the signing terminal may further encrypt the first image with a public key and then send the encrypted first image to the server in the electronic certificate generation request. In yet another example, the first biological identification information may be embedded into the first image by superimposing an image of the first biological identification information on the first image.
Accordingly, step S605 may also be implemented as follows. First, after receiving the electronic certificate generation request, the server may decrypt the encrypted first image with the private key corresponding to the public key to obtain the decrypted first image. The server then extracts the first PRNU information and the first biometric information of the first communication account from the first image with a PRNU extraction algorithm, and performs a validity check on the first biometric information and on the first PRNU information corresponding to the signing terminal. If the first biometric information matches the signing biometric information of the first communication account stored in the server, and the first PRNU information matches the signing terminal information corresponding to the signing terminal stored in the server, the check is passed and step S606 is performed.
Other technical scheme details and technical effects of the embodiment of the invention can refer to the relevant descriptions in other embodiments of the invention.
In the embodiment of the invention, researchers have found that the model of a smartphone can be identified by analyzing a single picture taken by the device. The researchers focused on a digital imaging defect called photo-response non-uniformity (PRNU). Imperfections in the manufacturing process cause small variations in the sensor of each camera, which lead to photo-response non-uniformity. These variations may cause millions of pixels in the camera sensor to render colors that are slightly brighter or darker than normal, so that a regular noise pattern appears in every picture taken; the noise is invisible to the naked eye but can be extracted with special filters. Moreover, the noise pattern of each camera is unique.
At present, electronic certificates used on a mobile phone, such as an ID string, a two-dimensional code, or an electronic identity card, are easy to forge or steal. The photo-response non-uniformity of the camera sensor can be used to bind the mobile phone to the electronic certificate: a picture currently taken by the phone, such as a picture of a specific object or of a human face, establishes a unique correspondence between the phone and the electronic certificate, and the phone is verified with the electronic certificate algorithm and the photo-response non-uniformity, so that the electronic certificate is protected against theft and misappropriation. That is, by using the photo-response non-uniformity of the device camera, the electronic certificate can be used only on that device. In addition, the mobile phone can be tied to the user through other biometric modes such as face, fingerprint, and iris.
In the embodiment of the present invention, the process of acquiring the electronic certificate may include the following. The client application on the signing terminal performs biometric identification, such as fingerprint identification or face identification. After identification and verification succeed, a picture is taken automatically, and the biometric information and a detection signal are embedded into the picture. The detection signal is single-use and guarantees that the picture has not been modified by an attacker; the detection information in the picture is damaged once the PRNU of the picture has been read. The picture with the embedded detection signal is encrypted with a public key and sent to the server. The server decrypts the picture with the private key, checks the detection signal, and extracts the PRNU and the biometric information. The server matches the extracted PRNU and biometric information against the PRNU and biometric information registered by the user. After the match succeeds, the server creates the electronic certificate, encrypts it with a specific encryption algorithm that takes the PRNU as a parameter, and sends it to the signing terminal. After receiving the encrypted electronic certificate, the client on the signing terminal automatically takes a picture and computes a decryption key with an algorithm that takes the picture as input; if the computed key is correct, the electronic certificate can be decrypted.
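The last step above depends on two photographs from the same camera yielding the same key, although every PRNU estimate carries fresh noise. The following added example (not part of the patent, which does not disclose its key-derivation algorithm) shows one standard way to achieve this, a code-offset fuzzy extractor. The simulated sensor, the sign-bit quantization, the repetition code, and the HMAC-based cipher standing in for an AEAD are all assumptions made for illustration.

```python
import hashlib
import hmac
import random
import secrets

KEY_BITS = 128               # secret seed bits protected by the code
REPEAT = 31                  # repetition-code length per seed bit (odd)
CELLS = KEY_BITS * REPEAT    # sensor cells sampled for the fingerprint
CERT = b"certificate: account=alice; op=open-address-book"  # constructed


def make_sensor(seed):
    """Constructed stand-in for one camera's fixed PRNU pattern."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(CELLS)]


def capture(sensor, rng, sigma=0.3, n_images=1):
    """PRNU estimate averaged over n_images shots: pattern plus noise."""
    scale = sigma / n_images ** 0.5
    return [k + rng.gauss(0.0, scale) for k in sensor]


def to_bits(estimate):
    return [1 if v > 0 else 0 for v in estimate]


def derive_key(bits):
    return hashlib.sha256(bytes(bits)).digest()


def enroll(signing_bits):
    """Server: hide a random seed under the signing PRNU bits."""
    seed = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [b for b in seed for _ in range(REPEAT)]
    helper = [c ^ w for c, w in zip(codeword, signing_bits)]
    return derive_key(seed), helper


def reproduce(fresh_bits, helper):
    """Terminal: majority-vote each block to undo per-shot bit flips."""
    noisy = [h ^ w for h, w in zip(helper, fresh_bits)]
    seed = [1 if sum(noisy[i:i + REPEAT]) > REPEAT // 2 else 0
            for i in range(0, CELLS, REPEAT)]
    return derive_key(seed)


def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _stream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC built from HMAC-SHA256 (stand-in for an AEAD)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    stream = _stream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(key, blob):
    """Return the plaintext, or None when the derived key is wrong."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _stream(enc_key, nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def demo():
    rng = random.Random(2018)
    phone, other = make_sensor(1), make_sensor(2)
    signing_bits = to_bits(capture(phone, rng, n_images=8))  # registration
    key, helper = enroll(signing_bits)
    blob = seal(key, CERT)
    same = open_sealed(reproduce(to_bits(capture(phone, rng)), helper), blob)
    wrong = open_sealed(reproduce(to_bits(capture(other, rng)), helper), blob)
    # Hashing the raw bits of a new shot never reproduces the enrolled key.
    naive = derive_key(to_bits(capture(phone, rng))) == derive_key(signing_bits)
    return same, wrong, naive


if __name__ == "__main__":
    print(demo())
```

The helper data travels with the ciphertext, and a repetition code leaks information about the PRNU bits, so a deployment would need a stronger error-correcting code and an entropy estimate for the fingerprint.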
An embodiment of the present invention provides a terminal, which may be a signing terminal. Fig. 7 is a schematic structural diagram of the terminal provided in the embodiment of the present invention. As shown in Fig. 7, the terminal 700 at least includes: a processor 701, a memory 702, an interface 703 and a bus 704, wherein:
the memory 702 is used for storing an electronic certificate processing program;
the bus 704 is used for realizing connection communication between the processor and the memory;
the processor 701 is configured to execute the electronic certificate processing program stored in the memory, so as to implement the following steps: acquiring a first image, wherein the first image comprises first photo-response non-uniformity (PRNU) information corresponding to a camera of a signing terminal; acquiring first biological identification information corresponding to a first communication account logged in on the signing terminal; acquiring an electronic certificate according to the first PRNU information and the first biological identification information, wherein the electronic certificate is used for indicating authorization information which allows a first business operation to be executed on the signing terminal when a communication account logged in on the signing terminal is the first communication account; and executing the first business operation according to the electronic certificate.
Other technical scheme details and technical effects of the embodiment of the invention can refer to the relevant descriptions in other embodiments of the invention.
Fig. 8 is a schematic structural diagram of a second network device provided in an embodiment of the present invention, and as shown in fig. 8, the network device 800 at least includes: a processor 801, a memory 802, an interface 803, and a bus 804, wherein:
the memory 802 is used for storing an electronic certificate processing program;
the bus 804 is used for realizing connection communication between the processor and the memory;
the processor 801 is configured to execute the electronic certificate processing program stored in the memory, so as to implement the following steps: receiving an electronic certificate generation request sent by a signing terminal, wherein the electronic certificate generation request comprises: an identifier of the signing terminal, a first image collected on the signing terminal, an identifier of a first communication account logged in on the signing terminal, and first biological identification information corresponding to the first communication account; extracting first PRNU information from the first image; generating an electronic certificate according to the first PRNU information and the first biological identification information, wherein the electronic certificate is used for indicating authorization information which allows the signing terminal to execute a first service operation when a communication account logged in on the signing terminal is the first communication account; and sending the electronic certificate to the signing terminal.
It should be noted that the description of the above network device embodiment is similar to the description of the above method embodiment, and has similar beneficial effects to the method embodiment, and therefore, the description is not repeated. For technical details not disclosed in the embodiments of the network device of the present invention, reference is made to the description of the embodiments of the method of the present invention for understanding.
An embodiment of the present invention provides a computer-readable storage medium storing one or more programs, the one or more programs being executable by one or more processors to implement the steps of: acquiring a first image, wherein the first image comprises first photo-response non-uniformity (PRNU) information corresponding to a camera of a signing terminal; acquiring first biological identification information corresponding to a first communication account logged in on the signing terminal; acquiring an electronic certificate according to the first PRNU information and the first biological identification information, wherein the electronic certificate is used for indicating authorization information which allows a first business operation to be executed on the signing terminal when a communication account logged in on the signing terminal is the first communication account; and executing the first business operation according to the electronic certificate.
An embodiment of the present invention provides a computer-readable storage medium storing one or more programs, the one or more programs being executable by one or more processors to implement the steps of: receiving an electronic certificate generation request sent by a signing terminal, wherein the electronic certificate generation request comprises: an identifier of the signing terminal, a first image collected on the signing terminal, an identifier of a first communication account logged in on the signing terminal, and first biological identification information corresponding to the first communication account; extracting first PRNU information from the first image; generating an electronic certificate according to the first PRNU information and the first biological identification information, wherein the electronic certificate is used for indicating authorization information which allows the signing terminal to execute a first service operation when a communication account logged in on the signing terminal is the first communication account; and sending the electronic certificate to the signing terminal.
It should be noted that one or more programs in the embodiment of the present invention may be electronic certificate processing programs used when acquiring an electronic certificate in other embodiments.
It should be noted that the description of the computer-readable storage medium is similar to the description of the method embodiment, and has similar beneficial effects to the method embodiment, and therefore, the description is not repeated. For technical details not disclosed in the embodiments of the computer-readable storage medium of the present invention, reference is made to the description of the embodiments of the method of the present invention.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method described in the embodiments of the present invention.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. An electronic certificate processing method is applied to a signing terminal, and the method comprises the following steps:
acquiring a first image, wherein the first image comprises first photo-response non-uniformity (PRNU) information and detection information corresponding to a camera of the signing terminal;
if the first image is determined not to be intercepted or modified by an illegal terminal based on the detection information, acquiring first biological identification information corresponding to a first communication account logged in the signing terminal;
acquiring the electronic certificate according to the first PRNU information and the first biological identification information; the electronic certificate is used for representing authorization information which allows a first business operation to be executed on the signing terminal when a communication account logged in on the signing terminal is the first communication account;
and executing the first business operation according to the electronic certificate.
2. The method of claim 1, wherein the obtaining the electronic certificate based on the first PRNU information and the first biometric information comprises:
sending an electronic certificate generation request to a server, the electronic certificate generation request comprising: an identity of the signing terminal, the first image including the first PRNU information, an identity of the first communication account, and the first biometric information;
receiving the electronic certificate sent by the server;
and the electronic certificate is generated when the server performs identity verification on the signing terminal and the first communication account according to the first PRNU information and the first biological identification information and the verification is successful.
3. The method of claim 1, wherein the obtaining the electronic certificate based on the first PRNU information and the first biometric information comprises:
acquiring the encrypted electronic certificate, wherein the encrypted electronic certificate is obtained by encrypting the electronic certificate by using signing PRNU information corresponding to the signing terminal and/or signing biological identification information corresponding to the first communication account as an encryption key by a server;
decrypting the encrypted electronic certificate by using the first PRNU information and/or the first biological identification information as a decryption key to obtain the decrypted electronic certificate;
the PRNU information corresponding to the signing terminal is the first PRNU information or the signing PRNU information of the signing terminal stored in the server itself, and the biometric information corresponding to the first communication account is the first biometric information or the signing biometric information of the first communication account stored in the server itself.
4. The method of claim 3, wherein the obtaining the encrypted electronic certificate comprises:
sending an electronic certificate generation request to the server, the electronic certificate generation request comprising: an identity of the signing terminal, the first image including the first PRNU information, an identity of the first communication account, and the first biometric information;
receiving the encrypted electronic certificate sent by the server;
and when the server performs identity verification on the signing terminal and the first communication account according to the first PRNU information and the first biological identification information and the verification is successful, the encrypted electronic certificate is obtained by encrypting the electronic certificate by using the signing PRNU information corresponding to the signing terminal and/or the signing biological identification information corresponding to the first communication account as an encryption key.
5. An electronic certificate processing method, applied to a server, the method comprising:
receiving an electronic certificate generation request sent by a signing terminal, wherein the electronic certificate generation request comprises: an identifier of the signing terminal, a first image collected on the signing terminal, an identifier of a first communication account logged in on the signing terminal, and first biological identification information corresponding to the first communication account;
extracting first PRNU information from the first image; the first image is an image which is determined by the signing terminal not to be intercepted or modified by an illegal terminal based on detection information in the first image;
generating an electronic certificate according to the first PRNU information and the first biological identification information, wherein the electronic certificate is used for representing authorization information for allowing the signing terminal to execute a first service operation when a communication account logged in the signing terminal is the first communication account;
and sending the electronic certificate to the signing terminal.
6. The method of claim 5, wherein generating an electronic certificate based on the first PRNU information and the first biometric information comprises:
according to the first PRNU information and the first biological identification information, identity verification is carried out on the signing terminal and the first communication account;
and when the identity verification is successful, generating the electronic certificate.
7. The method of claim 5, wherein generating the electronic certificate when the identity verification is successful comprises:
when the identity verification is successful, encrypting the electronic certificate by taking PRNU information corresponding to the signing terminal and/or biological identification information corresponding to the first communication account as an encryption key to obtain an encrypted electronic certificate;
sending the encrypted electronic certificate to the signing terminal;
the PRNU information corresponding to the signing terminal is the first PRNU information or the signing PRNU information of the signing terminal stored by the server; the biometric information corresponding to the first communication account is the first biometric information or the signing biometric information of the first communication account stored by the server.
8. A terminal, characterized in that the terminal is a signing terminal, and the signing terminal at least includes: a memory, a communication bus, and a processor, wherein:
the memory is used for storing an electronic certificate processing program;
the communication bus is used for realizing connection communication between the processor and the memory;
the processor is used for executing the electronic certificate processing program stored in the memory so as to realize the following steps:
acquiring a first image, wherein the first image comprises first photo-response non-uniformity (PRNU) information and detection information corresponding to a camera of the signing terminal;
if the first image is determined not to be intercepted or modified by an illegal terminal based on the detection information, acquiring first biological identification information corresponding to a first communication account logged in the signing terminal;
acquiring the electronic certificate according to the first PRNU information and the first biological identification information; the electronic certificate is used for representing authorization information which allows a first business operation to be executed on the signing terminal when a communication account logged in on the signing terminal is the first communication account;
and executing the first business operation according to the electronic certificate.
9. A server, characterized in that the server comprises at least: a memory, a communication bus, and a processor, wherein:
the memory is used for storing an electronic certificate processing program;
the communication bus is used for realizing connection communication between the processor and the memory;
the processor is used for executing the electronic certificate processing program stored in the memory so as to realize the following steps:
receiving an electronic certificate generation request sent by a signing terminal, wherein the electronic certificate generation request comprises: an identifier of the signing terminal, a first image collected on the signing terminal, an identifier of a first communication account logged in on the signing terminal, and first biological identification information corresponding to the first communication account;
extracting first PRNU information from the first image; the first image is an image which is determined by the signing terminal not to be intercepted or modified by an illegal terminal based on detection information in the first image;
generating an electronic certificate according to the first PRNU information and the first biological identification information, wherein the electronic certificate is used for representing authorization information for allowing the signing terminal to execute a first service operation when a communication account logged in the signing terminal is the first communication account;
and sending the electronic certificate to the signing terminal.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon an electronic certificate processing program which, when executed by a processor, implements the steps of the electronic certificate processing method according to any one of claims 1 to 4, or which, when executed by a processor, implements the steps of the electronic certificate processing method according to any one of claims 5 to 7.
CN201810680257.4A 2018-06-27 2018-06-27 Electronic certificate processing method and device and computer readable storage medium Active CN108923931B (en)


Publications (2)

Publication Number Publication Date
CN108923931A CN108923931A (en) 2018-11-30
CN108923931B true CN108923931B (en) 2021-06-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant