CN108965250A - A kind of digital certificate installation method and system - Google Patents

A kind of digital certificate installation method and system Download PDF

Info

Publication number
CN108965250A
CN108965250A CN201810575697.3A CN201810575697A CN108965250A CN 108965250 A CN108965250 A CN 108965250A CN 201810575697 A CN201810575697 A CN 201810575697A CN 108965250 A CN108965250 A CN 108965250A
Authority
CN
China
Prior art keywords
service
digital certificate
storage environment
authentication
authentication mode
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810575697.3A
Other languages
Chinese (zh)
Other versions
CN108965250B (en
Inventor
林孝旦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201810575697.3A priority Critical patent/CN108965250B/en
Publication of CN108965250A publication Critical patent/CN108965250A/en
Application granted granted Critical
Publication of CN108965250B publication Critical patent/CN108965250B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Disclose a kind of digital certificate installation method and system.A kind of digital certificate installation method, this method comprises: determining target authentication mode and certified Information after business service terminates the service request for receiving client, by the authentication information and being sent to certificate server;Certificate server carries out authentication to certification main body according to the authentication information, and to business service end return authentication result;After the result that the certification that business service termination receives certificate server return passes through, digital certificate request is sent to authentication service;Certificate server generates according to the identity information carried in the request and returns to digital certificate to business service end;Digital certificate is issued to client by business service end, and specifies the target storage environment, so that client is by the digital certificate store to the target storage environment.

Description

A kind of digital certificate installation method and system
Technical field
This specification embodiment is related to technical field of internet application more particularly to a kind of digital certificate installation method and is System.
Background technique
In all kinds of business that internet carries out, in order to ensure the information security of user, it usually needs participate in each side of business (people, terminal device, server etc.) holds digital certificate.And it is perfect with mobile terminal device function, user relies on further By being installed on the various clients of mobile terminal device, all kinds of business in network are handled.Therefore, the prior art, needle are based on Different demands for security to the type of business abundant such as e-commerce, network finance need more fully mobile terminal device number Word certificate installation method.
Summary of the invention
In view of the above technical problems, this specification embodiment provides a kind of digital certificate installation method and system, technical side Case is as follows:
According to this specification embodiment in a first aspect, provide a kind of digital certificate installation method, this method comprises:
It is corresponding with authentication mode according to preset type of service after business service terminates the service request for receiving client Relationship determines the corresponding target authentication mode of the type of service of the service request;It obtains through the target authentication mode to recognizing Card main body carries out authenticating required authentication information, and by the authentication information and is sent to certificate server;
After certificate server receives the authentication information of business service end transmission, according to the authentication information, by described Target authentication mode carries out authentication to certification main body, and to business service end return authentication result;
After the result that the certification that business service termination receives certificate server return passes through, number card is sent to authentication service Book is requested, and the identity information of the certification main body is carried in the request;
After certificate server receives the digital certificate request of business service end transmission, according to the identity carried in the request Information generates and returns to digital certificate to business service end;
After business service termination receives the digital certificate of certificate server return, according to preset type of service and storage ring The corresponding relationship in border determines the corresponding target storage environment of the type of service of the service request;The digital certificate is issued to Client, and specify the target storage environment, so that client is by the digital certificate store to the target storage environment.
According to the second aspect of this specification embodiment, a kind of digital certificate installation method is provided, is applied to business service End, this method comprises:
After the service request for receiving client, according to the corresponding relationship of preset type of service and authentication mode, determine The corresponding target authentication mode of the type of service of the service request;It obtains and certification main body is carried out by the target authentication mode The authentication information needed is authenticated, and by the authentication information and is sent to certificate server;
After receiving the result that the certification that certificate server returns passes through, digital certificate request is sent to authentication service, it should The identity information of the certification main body is carried in request;
After the digital certificate for receiving certificate server return, closed according to preset type of service is corresponding with storage environment System, determines the corresponding target storage environment of the type of service of the service request;The digital certificate is issued to client, and is referred to Fixed target storage environment, so that client is by the digital certificate store to the target storage environment.
According to the third aspect of this specification embodiment, a kind of digital certificate installation method is provided, is applied to authentication service End, this method comprises:
After the authentication information for receiving the transmission of business service end, according to the authentication information, pass through the authentication information pair The target authentication mode answered carries out authentication to certification main body, and to business service end return authentication result;
After the digital certificate request for receiving the transmission of business service end, according to the certification main body carried in the request Identity information generates and returns to digital certificate to business service end.
According to the fourth aspect of this specification embodiment, a kind of digital certificate installation system is provided, which includes: business Server-side and certificate server;
It is corresponding with authentication mode according to preset type of service after business service terminates the service request for receiving client Relationship determines the corresponding target authentication mode of the type of service of the service request;It obtains through the target authentication mode to recognizing Card main body carries out authenticating required authentication information, and by the authentication information and is sent to certificate server;
After certificate server receives the authentication information of business service end transmission, according to the authentication information, by described Target authentication mode carries out authentication to certification main body, and to business service end return authentication result;
After the result that the certification that business service termination receives certificate server return passes through, number card is sent to authentication service Book is requested, and the identity information of the certification main body is carried in the request;
After certificate server receives the digital certificate request of business service end transmission, according to the identity carried in the request Information generates and returns to digital certificate to business service end;
After business service termination receives the digital certificate of certificate server return, according to preset type of service and storage ring The corresponding relationship in border determines the corresponding target storage environment of the type of service of the service request;The digital certificate is issued to Client, and specify the target storage environment, so that client is by the digital certificate store to the target storage environment.
According to the 5th of this specification embodiment the aspect, a kind of digital certificate mounting device is provided, is applied to business service End, the device include:
Authentication mode determining module, for after receiving the service request of client, according to preset type of service with The corresponding relationship of authentication mode determines the corresponding target authentication mode of the type of service of the service request;
Authentication information sending module carries out certification needs to certification main body by the target authentication mode for obtaining Authentication information, and by the authentication information and it is sent to certificate server;
Digital certificate request module, for after the result that passes through of certification for receiving certificate server return, to certification Service sends digital certificate request, and the identity information of the certification main body is carried in the request;
Storage environment determining module, for receive certificate server return digital certificate after, according to preset industry The corresponding relationship of service type and storage environment determines the corresponding target storage environment of the type of service of the service request;
Digital certificate issues module, for the digital certificate to be issued to client, and specifies the target storage environment, with Make client by the digital certificate store to the target storage environment.
According to the 6th of this specification embodiment the aspect, a kind of digital certificate mounting device is provided, is applied to authentication service End, the device include:
Authentication module, according to the authentication information, is led to after receiving the authentication information that business service end is sent The corresponding target authentication mode of the authentication information is crossed, authentication is carried out to certification main body, and return and recognize to business service end Demonstrate,prove result;
Digital certificate generation module, after the digital certificate request for receiving the transmission of business service end, according to the request The identity information of the certification main body of middle carrying generates and returns to digital certificate to business service end.
Technical solution provided by this specification embodiment, business service end can be specifically according to this service requests Type of service judges security level required for this business, so that it is determined that the authentication mode of authentication and digital certificate Storage environment.Different authentication mode and storage environment is used in combination in business service end, realizes client with various different safety Rank installs digital certificate, meets the demand for security of the different stage of various different service types.
It should be understood that above general description and following detailed description be only it is exemplary and explanatory, not This specification embodiment can be limited.
In addition, any embodiment in this specification embodiment does not need to reach above-mentioned whole effects.
Detailed description of the invention
In order to illustrate more clearly of this specification embodiment or technical solution in the prior art, below will to embodiment or Attached drawing needed to be used in the description of the prior art is briefly described, it should be apparent that, the accompanying drawings in the following description is only The some embodiments recorded in this specification embodiment for those of ordinary skill in the art can also be attached according to these Figure obtains other attached drawings.
Fig. 1 is the structural schematic diagram of the digital certificate installation system of this specification embodiment;
Fig. 2 is a kind of flow diagram of the digital certificate installation method of this specification embodiment;
Fig. 3 is another flow diagram of the digital certificate installation method of this specification embodiment;
Fig. 4 is another flow diagram of the digital certificate installation method of this specification embodiment;
Fig. 5 is the structural schematic diagram of the digital certificate mounting device applied to business service end of this specification embodiment;
Fig. 6 is the structural schematic diagram of the digital certificate mounting device applied to certificate server of this specification embodiment;
Fig. 7 is the structural schematic diagram for configuring a kind of equipment of this specification embodiment device.
Specific embodiment
In order to make those skilled in the art more fully understand the technical solution in this specification embodiment, below in conjunction with this Attached drawing in specification embodiment is described in detail the technical solution in this specification embodiment, it is clear that described Embodiment is only a part of the embodiment of this specification, instead of all the embodiments.The embodiment of base in this manual, Those of ordinary skill in the art's every other embodiment obtained, all should belong to the range of protection.
Digital certificate is that had authoritative by CA (Certificate Authority, certificate granting) authority releases Proof of identification, the identity of the main body for proving to participate in all kinds of business in internet, main body can be natural person, account, terminal Equipment, server etc..The number of the identity information that main body is contained in digital certificate, the public-key cryptography held and CA mechanism The information such as signature allow the both sides of information exchange in internet to identify the identity of other side, and guarantee information in transmission process In do not distorted by third party.
When main body is to CA mechanism application digital certificate, it is necessary first to authentication is carried out, for similar and different form Main body can carry out authentication by different modes, and the demand for security that different authentication modes is able to satisfy is also different.
After authentication passes through, CA mechanism will to the main body authorized Digital Certificate, and by the corresponding equipment of the main body into The installation to digital certificate is completed in row storage, can be directly using mounted number card in business processing later Book, without applying repeatedly.
With the development of the mobile terminals such as mobile phone, tablet computer, mobile terminal becomes the common equipment of user, also becomes normal Digital certificate store medium.Applied to the digital certificate of different business scene, there is different safety to need storage environment It asks, and is also typically present a variety of storage environments in mobile terminal, can satisfy different demands for security.
This specification embodiment provides a kind of digital certificate installation method, can be according to the demand for security of business scenario, intelligence The identification authentication mode and storage environment of security level meet demand can be matched.
In the embodiment of this specification, the process of digital certificate installation is related to client, business service end and certification clothes Business end, corresponding system architecture schematic diagram is as shown in Figure 1, include client device 10, business service end equipment 20 and certification clothes Business end equipment 20.Wherein, client device, that is, digital certificate mobile terminal device, business service end equipment and certification take The concrete form for end equipment of being engaged in, can be forms, the three terminal devices such as a specific server or server cluster can be by each The network implementations communication connection of kind form, this specification do not need this to be defined.
Fig. 2 is the interaction diagrams of digital certificate installation method that this specification embodiment provides, can specifically include with Lower step:
S201, after business service terminates the service request for receiving client, according to preset type of service and authentication mode Corresponding relationship, determine the corresponding target authentication mode of the type of service of the service request;Acquisition passes through the target authentication side Formula carries out authenticating required authentication information to certification main body, and by the authentication information and is sent to certificate server;
When user participates in a certain business by the client that mobile terminal is installed, client will be sent out to business service end Corresponding service request is sent, and business service end will install corresponding digital certificate according to the service request.
As described above, when digital certificate is installed, it is necessary first to authentication is carried out, and is directed to various forms of main bodys, Different authentication modes can be used.
For example, the modes such as verifying identity card, face, vocal print, iris can be used and authenticated when main body is natural person; Main body is that can be authenticated by modes such as verifying short messages when can be inserted into the terminal device of SIM card;It, can when main body is account It is authenticated in a manner of through verifying password etc.;Etc..
In addition, different business scenarios, the demand for security of business procession is not quite similar, and digital certificate is as identification Subject identity, a kind of means for ensureing information transmission, also not to the demand for security of the digital certificate for being applied to different business scene It is identical.For example, the business of the types such as e-commerce, demand for security is higher than the business of the types such as network social intercourse, and network government affairs Etc. types business, demand for security may be higher than e-commerce, etc. again.
The demand for security of digital certificate is mainly reflected in authentication mode and storage environment, and different authentication modes, With different security levels, different demands for security can satisfy.
For example, main body be natural person when, due to there may be identity card is usurped, verify simultaneously identity card with The authentication mode of face, than only verifying the authentication mode of identity card more comprehensively, thus it is safer, it can be used for security requirement Higher business scenario.
This illustrates the digital certificate mount scheme that embodiment provides, can be according to the type of service of service request, intelligent Authentication mode with security level meet demand.Therefore, business service end will be first according to preset type of service and authenticating party The corresponding relationship of formula determines the corresponding target authentication mode of the type of service of the service request.
Wherein, the corresponding relationship of type of service and authentication mode can be preset by developer.Such as government affairs type The authentication mode of business is natural person's certification, and the authentication mode of the business of social type is account certification, etc.;Or it limits small The authentication mode of the business of volume transaction is the rudimentary natural person certification for verifying identity card, and the authentication mode of block trade business is to test Demonstrate,prove the advanced natural person certification, etc. of identity card, face and vocal print.This specification embodiment is set not to specific corresponding to relationship It is defined, those skilled in the art can neatly set according to the actual situation.
It is understood that developer can be directed to different types of service, corresponding authentication side is preset Formula, but due to the difference of the software of terminal device and hardware configuration, there are areas for the authentication mode that different terminal equipment can be supported Not.
Therefore, in order to avoid the efficiency of raising authentication, most suitable authentication mode is matched for service request, in this theory In a kind of specific embodiment of bright book embodiment, the locally-supported authentication mode of client can be detected first, is obtained at least One kind can determine the service request then according to the corresponding relationship of preset type of service and authentication mode with authentication mode The corresponding preferred authentication mode of type of service.
If described can include the preferred authentication mode with authentication mode, the preferred authentication mode is determined as target Authentication mode;If described can not include the preferred authentication mode with authentication mode, according to preset authentication mode safety level Not and authentication mode is postponed rule, determines target authentication mode.
For example, the security level of authentication mode can be preset from high to low successively are as follows: advanced natural person's certification, middle rank are natural People's certification, rudimentary natural person certification, account number cipher certification and equipment short message certification, authentication mode postpone rule to postpone supreme one The authentication mode of grade.If terminal device is tablet computer, will test to 4 kinds can use authentication mode, be determined according to corresponding relationship The registration business of the lower social application of certain demand for security, corresponding first choice authentication mode is equipment short message certification, and plate is electric Brain is not available SIM card because therefore, will postpone and determine that target authentication mode is higher leveled without holding equipment short message certification Account number cipher certification.
After determining target authentication mode, it can further obtain authenticate by target authentication mode and required recognize Information is demonstrate,proved, to be authenticated.
Certainly, according to noted earlier, identical business is authenticated if before, or in similar business field Identical type of service is authenticated in scape, then there is the case where client has been mounted with respective digital certificate, in order to Avoiding repetition from installing influence business processing efficiency can be in determination in a kind of specific embodiment of this specification embodiment After target authentication mode, first detect whether to be mounted with respective digital certificate.
Specifically, it is first determined the certification main body of the target authentication mode, each authentication mode have its corresponding certification Main body, such as natural person certification certification main body be natural person, account certification certification main body be account, for another example it is advanced from The certification main body of right people's certification and rudimentary natural person certification be natural person, etc..
After determining certification main body, whether detection client has locally installed the digital certificate of the certification main body.In this theory It, can be according to the corresponding relationship of preset type of service and storage environment, really in a kind of specific embodiment of bright book embodiment The corresponding target storage environment of type of service of the fixed service request, thus further in the model of client local detection It encloses.In the target storage environment of client local, the digital certificate for having stored the certification main body is detected whether;If so, Determine the digital certificate for having installed the certification main body;If not, it is determined that the digital certificate of the certification main body is not installed.
If determining the digital certificate for not installing the certification main body through detection, need to continue to carry out body to the certification main body Part certification obtains and carries out authenticating required authentication information to certification main body by the target authentication mode.For example, target authentication Mode is to carry out authenticating the short-message verification that required information is sent to the terminal device when verifying the equipment authentication mode of short message The short-message verification content that content and terminal device return, in this case, certified Information detailed process can be, business clothes After business end sends the short message comprising identifying code to the terminal device, identifying code is inputted into client by user and is sent to business clothes Business end.
S202, according to the authentication information, passes through after certificate server receives the authentication information of business service end transmission The target authentication mode carries out authentication to certification main body, and to business service end return authentication result;
S203 is sent after business service termination receives the result that the certification that certificate server returns passes through to authentication service Digital certificate is requested, and the identity information of the certification main body is carried in the request;
S204 is carried after certificate server receives the digital certificate request of business service end transmission according in the request Identity information, generate simultaneously to business service end return digital certificate;
For ease of description, S202 to S204 is combined and is illustrated.
It is understood that certificate server described in this specification embodiment, can refer to CA mechanism, i.e., by CA mechanism Uniformly carry out authentication and distribution digital certificate;It may also mean that the combination of CA mechanism Yu other related systems, such as CA The function of authentication is licensed to the identity authorization system of Alipay by mechanism, then certificate server is by the certificate including CA mechanism The identity authorization system of publishing system and Alipay;Alternatively, it is also possible to refer to one other have the right to carry out authentication, distribution number The mechanism or system of certificate or multiple combinations that other have the right to carry out authentication, the mechanism or system that issue digital certificate;Deng Deng.
S205, business service termination receive certificate server return digital certificate after, according to preset type of service with The corresponding relationship of storage environment determines the corresponding target storage environment of the type of service of the service request;By the digital certificate It is issued to client, and specifies the target storage environment, so that client is by the digital certificate store to the target storage environment.
In a kind of specific embodiment of this specification embodiment, storage environment may include safety element SE, credible One of performing environment TEE and common performing environment REE or a variety of.
REE (Rich Execution Environment, common performing environment) refers to the general environment of terminal device, uses In OS (Operating System, operating system) such as operation Android, iOS, Linux, the institute of equipment is provided for upper layer App It is functional.REE environment is general and open, thus security level is lower, and OS can directly acquire all numbers of App in REE According to, and the App isolation realized based on OS is easier to be bypassed.
TEE (Trusted Execution Environment, credible performing environment) is a kind of by hardware mechanisms isolation With the environment of REE, REE can only be communicated by specific entrance with TEE, the memory of the accessible REE of TEE, but otherwise REE can not The TEE memory by hardware protection, therefore the security level ratio REE high of TEE are accessed, it is higher confidentiality can be provided for digital certificate Storage environment.
SE (Secure Element, safety element) usually provides storage environment with chip form, has add in the chips Close/decryption logic can prevent external malice parsing attack, protect data safety, and security level is higher than TEE and REE.
It is understood that the storage environment in scheme provided by this specification embodiment, also may include that terminal is set Other storage environments provided in standby based on other software and hardware.
Developer can be directed to different types of service, preset corresponding storage environment, but due to terminal device Software and hardware configuration difference, the storage environment that different terminal equipment can be supported is distinct.Therefore as determining mesh A kind of specific embodiment for marking storage environment, can detect the locally-supported storage environment of client first, obtain at least one Kind can use storage environment, and according to the corresponding relationship of preset type of service and storage environment, determine the industry of the service request The corresponding preferred storage environment of service type.
If described can include the preferred storage environment with storage environment, the preferred storage environment is determined as target Storage environment;If described can not include the preferred storage environment with storage environment, according to preset storage environment safety level Not and storage environment postpones rule, determines target storage environment.
For example, the security level of storage environment can be preset from high to low successively are as follows: SE, TEE, REE, storage environment postpone Rule is to postpone to five-star storage environment.If in terminal device and SE is not configured, it will test TEE and this 2 kinds of REE can With storage environment, determine that transferring accounts for the higher financial application of certain demand for security activates the service according to corresponding relationship, corresponding first choice Storage environment is SE, and therefore the terminal device, will postpone because being not configured without supporting SE storage and determine target storage environment For five-star TEE.
It, can should after client receives the digital certificate that business service end issues and specified target storage environment Digital certificate store is to specified environment, to complete the installation of digital certificate.
In order to illustrate more clearly of the digital certificate mount scheme of this specification embodiment, separately below again from unilateral angle Degree, is illustrated the digital certificate installation method that business service end is executed with certificate server:
Fig. 3 show digital certificate installation method flow chart performed by business service end, can specifically include following step It is rapid:
S301, after the service request for receiving client, according to the corresponding relationship of preset type of service and authentication mode, Determine the corresponding target authentication mode of the type of service of the service request;It obtains through the target authentication mode to certification main body The authentication information of certification needs is carried out, and by the authentication information and is sent to certificate server;
S302 after receiving the result that the certification that certificate server returns passes through, sends digital certificate to authentication service and asks It asks, the identity information of the certification main body is carried in the request;
S303, after the digital certificate for receiving certificate server return, according to preset type of service and storage environment Corresponding relationship determines the corresponding target storage environment of the type of service of the service request;The digital certificate is issued to client End, and specifies the target storage environment, so that client is by the digital certificate store to the target storage environment.
Fig. 4 show digital certificate installation method flow chart performed by certificate server, can specifically include following step It is rapid:
S401 after receiving the authentication information that business service end is sent, according to the authentication information, passes through the certification and believes Corresponding target authentication mode is ceased, authentication is carried out to certification main body, and to business service end return authentication result;
S402, after the digital certificate request for receiving the transmission of business service end, according to the certification carried in the request The identity information of main body generates and returns to digital certificate to business service end.
About the unilateral execution method details at business service end and certificate server, retouching for preceding embodiment may refer to It states, which is not described herein again.
Below with reference to one, more specifically example, the digital certificate installation method provided this specification are illustrated.
Assuming that certain Alipay user needs using flower business, then it first can be by the Alipay installed in smart phone Client opens flower business.
Alipay client by the security centre of Alipay (i.e. business service end), open flower business and ask by transmission It asks.
The locally-supported identification authentication mode of security centre's detection client includes natural person's certification, account certification and equipment Certification, and according to the corresponding relationship of preset type of service and authentication mode, determination needs to carry out natural person's certification, thus will be certainly Right people's certification is determined as target authentication mode, and certification main body is natural person.
In addition, it includes REE, TEE and SE that security centre, which can also detect the locally-supported storage environment of client, and according to The corresponding relationship of preset type of service and storage environment determines to need to store and arrives SE, so that SE is determined as target storage ring Border.
Further, in the SE of client local, the natural person's digital certificate for having stored the user is detected whether.Due to The user did not carried out natural person's certification in the business opened and used before, thus the certificate locally is not detected, thus It determines the local natural person's digital certificate for not installing the user, needs to continue natural person's certification.
Therefore security centre uploads identity card picture, Mobile state face recognition of going forward side by side by Client-Prompt user, and connects By the authentication information that client uploads, i.e. ID card information and facial recognition information, authentication information is sent to and is awarded through CA mechanism The Alipay identity authorization system of power.
After identity authorization system receives authentication information, by natural person's authentication mode, according to the identity card of the user and The information such as face carry out authentication to the user, if certification passes through, the result passed through to security centre's return authentication.
After security centre receives the result that certification passes through, the number card for carrying the subscriber identity information is sent to CA mechanism Book request.
CA mechanism generates corresponding digital certificate according to identity information, and is back to Alipay security centre.In the certificate It may include the information such as the digital signature of the identity information of the user, the public-key cryptography held and CA mechanism.
The digital certificate received is issued to the client of the user by security centre, and indicates that client demonstrate,proves the number Book is stored to SE, to complete the installation of the customer digital certificate after client storage.
As it can be seen that security level required for this business can be judged according to type of service using above scheme, thus Intelligent Matching meets the identification authentication mode and digital certificate store environment of demand for security, realizes the number card of different service types Book is installed under suitable security level.
Corresponding to above method embodiment, this specification embodiment also provides a kind of digital certificate mounting device, is applied to Business service end, it is shown in Figure 5, the apparatus may include:
Authentication mode determining module 110, for after receiving the service request of client, according to preset type of service With the corresponding relationship of authentication mode, the corresponding target authentication mode of the type of service of the service request is determined;
Authentication information sending module 120 is needed for obtaining authenticate to certification main body by the target authentication mode The authentication information wanted, and by the authentication information and it is sent to certificate server;
Digital certificate request module 130, for after the result that passes through of certification for receiving certificate server return, to recognizing Card service sends digital certificate request, and the identity information of the certification main body is carried in the request;
Storage environment determining module 140, for receive certificate server return digital certificate after, according to preset The corresponding relationship of type of service and storage environment determines the corresponding target storage environment of the type of service of the service request;
Digital certificate issues module 150, for the digital certificate to be issued to client, and specifies the target storage ring Border, so that client is by the digital certificate store to the target storage environment.
This specification embodiment also provides a kind of digital certificate mounting device, is applied to certificate server, referring to Fig. 6 institute Show, which includes:
Authentication module 210 is believed after receiving the authentication information that business service end is sent according to the certification Breath carries out authentication to certification main body, and return to business service end by the corresponding target authentication mode of the authentication information Return authentication result;
Digital certificate generation module 220 is asked after the digital certificate request for receiving the transmission of business service end according to this The identity information of the certification main body of middle carrying is sought, generate and returns to digital certificate to business service end.
The function of modules and the realization process of effect are specifically detailed in the above method and correspond to step in above-mentioned apparatus Realization process, details are not described herein.
This specification embodiment also provides a kind of computer equipment, includes at least memory, processor and is stored in On reservoir and the computer program that can run on a processor, wherein processor realizes number above-mentioned when executing described program Certificate installation method.This method includes at least:
A kind of digital certificate installation method, this method comprises:
It is corresponding with authentication mode according to preset type of service after business service terminates the service request for receiving client Relationship determines the corresponding target authentication mode of the type of service of the service request;It obtains through the target authentication mode to recognizing Card main body carries out authenticating required authentication information, and by the authentication information and is sent to certificate server;
After certificate server receives the authentication information of business service end transmission, according to the authentication information, by described Target authentication mode carries out authentication to certification main body, and to business service end return authentication result;
After the result that the certification that business service termination receives certificate server return passes through, number card is sent to authentication service Book is requested, and the identity information of the certification main body is carried in the request;
After certificate server receives the digital certificate request of business service end transmission, according to the identity carried in the request Information generates and returns to digital certificate to business service end;
After business service termination receives the digital certificate of certificate server return, according to preset type of service and storage ring The corresponding relationship in border determines the corresponding target storage environment of the type of service of the service request;The digital certificate is issued to Client, and specify the target storage environment, so that client is by the digital certificate store to the target storage environment.
Fig. 7 shows one kind provided by this specification embodiment and more specifically calculates device hardware structural schematic diagram, The equipment may include: processor 1010, memory 1020, input/output interface 1030, communication interface 1040 and bus 1050.Wherein processor 1010, memory 1020, input/output interface 1030 and communication interface 1040 are real by bus 1050 The now communication connection inside equipment each other.
Processor 1010 can use general CPU (Central Processing Unit, central processing unit), micro- place Reason device, application specific integrated circuit (Application Specific Integrated Circuit, ASIC) or one Or the modes such as multiple integrated circuits are realized, for executing relative program, to realize technical side provided by this specification embodiment Case.
Memory 1020 can use ROM (Read Only Memory, read-only memory), RAM (Random Access Memory, random access memory), static storage device, the forms such as dynamic memory realize.Memory 1020 can store Operating system and other applications are realizing technical solution provided by this specification embodiment by software or firmware When, relevant program code is stored in memory 1020, and execution is called by processor 1010.
Input/output interface 1030 is for connecting input/output module, to realize information input and output.Input and output/ Module can be used as component Configuration (not shown) in a device, can also be external in equipment to provide corresponding function.Wherein Input equipment may include keyboard, mouse, touch screen, microphone, various kinds of sensors etc., output equipment may include display, Loudspeaker, vibrator, indicator light etc..
Communication interface 1040 is used for connection communication module (not shown), to realize the communication of this equipment and other equipment Interaction.Wherein communication module can be realized by wired mode (such as USB, cable etc.) and be communicated, can also be wirelessly (such as mobile network, WIFI, bluetooth etc.) realizes communication.
Bus 1050 include an access, equipment various components (such as processor 1010, memory 1020, input/it is defeated Outgoing interface 1030 and communication interface 1040) between transmit information.
It should be noted that although above equipment illustrates only processor 1010, memory 1020, input/output interface 1030, communication interface 1040 and bus 1050, but in the specific implementation process, which can also include realizing normal fortune Other assemblies necessary to row.In addition, it will be appreciated by those skilled in the art that, it can also be only comprising real in above equipment Component necessary to existing this specification example scheme, without including all components shown in figure.
This specification embodiment also provides a kind of computer readable storage medium, is stored thereon with computer program, the journey Digital certificate installation method above-mentioned is realized when sequence is executed by processor.This method includes at least:
A kind of digital certificate installation method, this method comprises:
It is corresponding with authentication mode according to preset type of service after business service terminates the service request for receiving client Relationship determines the corresponding target authentication mode of the type of service of the service request;It obtains through the target authentication mode to recognizing Card main body carries out authenticating required authentication information, and by the authentication information and is sent to certificate server;
After certificate server receives the authentication information of business service end transmission, according to the authentication information, by described Target authentication mode carries out authentication to certification main body, and to business service end return authentication result;
After the result that the certification that business service termination receives certificate server return passes through, number card is sent to authentication service Book is requested, and the identity information of the certification main body is carried in the request;
After certificate server receives the digital certificate request of business service end transmission, according to the identity carried in the request Information generates and returns to digital certificate to business service end;
After business service termination receives the digital certificate of certificate server return, according to preset type of service and storage ring The corresponding relationship in border determines the corresponding target storage environment of the type of service of the service request;The digital certificate is issued to Client, and specify the target storage environment, so that client is by the digital certificate store to the target storage environment.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method Or technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data. The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), moves State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable Programmable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM), Digital versatile disc (DVD) or other optical storage, magnetic cassettes, tape magnetic disk storage or other magnetic storage devices Or any other non-transmission medium, can be used for storage can be accessed by a computing device information.As defined in this article, it calculates Machine readable medium does not include temporary computer readable media (transitory media), such as the data-signal and carrier wave of modulation.
As seen through the above description of the embodiments, those skilled in the art can be understood that this specification Embodiment can be realized by means of software and necessary general hardware platform.Based on this understanding, this specification is implemented Substantially the part that contributes to existing technology can be embodied in the form of software products the technical solution of example in other words, The computer software product can store in storage medium, such as ROM/RAM, magnetic disk, CD, including some instructions are to make It is each to obtain computer equipment (can be personal computer, server or the network equipment etc.) execution this specification embodiment Method described in certain parts of a embodiment or embodiment.
System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity, Or it is realized by the product with certain function.A kind of typically to realize that equipment is computer, the concrete form of computer can To be personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media play In device, navigation equipment, E-mail receiver/send equipment, game console, tablet computer, wearable device or these equipment The combination of any several equipment.
All the embodiments in this specification are described in a progressive manner, same and similar portion between each embodiment Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for device reality For applying example, since it is substantially similar to the method embodiment, so describing fairly simple, related place is referring to embodiment of the method Part explanation.The apparatus embodiments described above are merely exemplary, wherein described be used as separate part description Module may or may not be physically separated, can be each module when implementing this specification example scheme Function realize in the same or multiple software and or hardware.Can also select according to the actual needs part therein or Person's whole module achieves the purpose of the solution of this embodiment.Those of ordinary skill in the art are not the case where making the creative labor Under, it can it understands and implements.
The above is only the specific embodiment of this specification embodiment, it is noted that for the general of the art For logical technical staff, under the premise of not departing from this specification embodiment principle, several improvements and modifications can also be made, this A little improvements and modifications also should be regarded as the protection scope of this specification embodiment.

Claims (17)

1. a kind of digital certificate installation method, this method comprises:
After business service terminates the service request for receiving client, closed according to preset type of service is corresponding with authentication mode System, determines the corresponding target authentication mode of the type of service of the service request;It obtains through the target authentication mode to certification Main body carries out authenticating required authentication information, and by the authentication information and is sent to certificate server;
After certificate server receives the authentication information of business service end transmission, according to the authentication information, pass through the target Authentication mode carries out authentication to certification main body, and to business service end return authentication result;
After the result that the certification that business service termination receives certificate server return passes through, digital certificate is sent to authentication service and is asked It asks, the identity information of the certification main body is carried in the request;
After certificate server receives the digital certificate request of business service end transmission, believed according to the identity carried in the request Breath generates and returns to digital certificate to business service end;
After business service termination receives the digital certificate of certificate server return, according to preset type of service and storage environment Corresponding relationship determines the corresponding target storage environment of the type of service of the service request;The digital certificate is issued to client End, and specifies the target storage environment, so that client is by the digital certificate store to the target storage environment.
2. according to the method described in claim 1, described obtain authenticates certification main body by the target authentication mode The authentication information needed, comprising:
Determine the certification main body of the target authentication mode;
Whether detection client has locally installed the digital certificate of the certification main body;
If not installing the digital certificate of the certification main body, obtains and certification main body is recognized by the target authentication mode Demonstrate,prove the authentication information needed.
3. according to the method described in claim 2, whether the detection client has locally installed the number of the certification main body Certificate, comprising:
According to the corresponding relationship of preset type of service and storage environment, the corresponding mesh of the type of service of the service request is determined Mark storage environment;
In the target storage environment of client local, the digital certificate for having stored the certification main body is detected whether;If so, Determine the digital certificate for having installed the certification main body;If not, it is determined that the digital certificate of the certification main body is not installed.
4. according to the method described in claim 1, the corresponding relationship according to preset type of service and authentication mode, determines The corresponding target authentication mode of the type of service of the service request, comprising:
The locally-supported authentication mode of client is detected, authentication mode can be used by obtaining at least one;
According to the corresponding relationship of preset type of service and authentication mode, the corresponding head of the type of service of the service request is determined Select authentication mode;
If described can include the preferred authentication mode with authentication mode, the preferred authentication mode is determined as target authentication Mode;
If described can not include the preferred authentication mode with authentication mode, according to preset authentication mode security level and Authentication mode is postponed rule, determines target authentication mode.
5. according to the method described in claim 1, the corresponding relationship according to preset type of service and storage environment, determines The corresponding target storage environment of the type of service of the service request, comprising:
The locally-supported storage environment of client is detected, storage environment can be used by obtaining at least one;
According to the corresponding relationship of preset type of service and storage environment, the corresponding head of the type of service of the service request is determined Select storage environment;
If described can include the preferred storage environment with storage environment, the preferred storage environment is determined as target storage Environment;
If described can not include the preferred storage environment with storage environment, according to preset storage environment security level and Storage environment postpones rule, determines target storage environment.
6. according to the method described in claim 1, the storage environment, comprising:
One of safety element SE, credible performing environment TEE and common performing environment REE or a variety of.
7. a kind of digital certificate installation method is applied to business service end, this method comprises:
After the service request for receiving client, according to the corresponding relationship of preset type of service and authentication mode, the industry is determined The corresponding target authentication mode of type of service of business request;It obtains and certification main body is authenticated by the target authentication mode The authentication information needed, and by the authentication information and it is sent to certificate server;
After receiving the result that the certification that certificate server returns passes through, digital certificate request, the request are sent to authentication service The middle identity information for carrying the certification main body;
After the digital certificate for receiving certificate server return, according to the corresponding relationship of preset type of service and storage environment, Determine the corresponding target storage environment of the type of service of the service request;The digital certificate is issued to client, and is specified The target storage environment, so that client is by the digital certificate store to the target storage environment.
8. a kind of digital certificate installation method is applied to certificate server, this method comprises:
It is corresponding by the authentication information according to the authentication information after the authentication information for receiving the transmission of business service end Target authentication mode carries out authentication to certification main body, and to business service end return authentication result;
After the digital certificate request for receiving the transmission of business service end, according to the identity of the certification main body carried in the request Information generates and returns to digital certificate to business service end.
9. a kind of digital certificate installation system, which includes: business service end and certificate server;
After business service terminates the service request for receiving client, closed according to preset type of service is corresponding with authentication mode System, determines the corresponding target authentication mode of the type of service of the service request;It obtains through the target authentication mode to certification Main body carries out authenticating required authentication information, and by the authentication information and is sent to certificate server;
After certificate server receives the authentication information of business service end transmission, according to the authentication information, pass through the target Authentication mode carries out authentication to certification main body, and to business service end return authentication result;
After the result that the certification that business service termination receives certificate server return passes through, digital certificate is sent to authentication service and is asked It asks, the identity information of the certification main body is carried in the request;
After certificate server receives the digital certificate request of business service end transmission, believed according to the identity carried in the request Breath generates and returns to digital certificate to business service end;
After business service termination receives the digital certificate of certificate server return, according to preset type of service and storage environment Corresponding relationship determines the corresponding target storage environment of the type of service of the service request;The digital certificate is issued to client End, and specifies the target storage environment, so that client is by the digital certificate store to the target storage environment.
10. system according to claim 9, the business service end is specifically used for being obtained in the following manner by described Target authentication mode carries out the authentication information of certification needs to certification main body:
Determine the certification main body of the target authentication mode;
Whether detection client has locally installed the digital certificate of the certification main body;
If not installing the digital certificate of the certification main body, obtains and certification main body is recognized by the target authentication mode Demonstrate,prove the authentication information needed.
11. system according to claim 10, the business service end is specifically used for detecting client in the following manner The local digital certificate for whether having installed the certification main body:
According to the corresponding relationship of preset type of service and storage environment, the corresponding mesh of the type of service of the service request is determined Mark storage environment;
In the target storage environment of client local, the digital certificate for having stored the certification main body is detected whether;If so, Determine the digital certificate for having installed the certification main body;If not, it is determined that the digital certificate of the certification main body is not installed.
12. system according to claim 9, the business service end is specifically used for determining that the business is asked in the following manner The corresponding target authentication mode of the type of service asked:
The locally-supported authentication mode of client is detected, authentication mode can be used by obtaining at least one;
According to the corresponding relationship of preset type of service and authentication mode, the corresponding head of the type of service of the service request is determined Select authentication mode;
If described can include the preferred authentication mode with authentication mode, the preferred authentication mode is determined as target authentication Mode;
If described can not include the preferred authentication mode with authentication mode, according to preset authentication mode security level and Authentication mode is postponed rule, determines target authentication mode.
13. system according to claim 9, the business service end is specifically used for determining the business in the following manner The corresponding target storage environment of the type of service of request:
The locally-supported storage environment of client is detected, storage environment can be used by obtaining at least one;
According to the corresponding relationship of preset type of service and storage environment, the corresponding head of the type of service of the service request is determined Select storage environment;
If described can include the preferred storage environment with storage environment, the preferred storage environment is determined as target storage Environment;
If described can not include the preferred storage environment with storage environment, according to preset storage environment security level and Storage environment postpones rule, determines target storage environment.
14. system according to claim 9, the storage environment, comprising:
One of safety element SE, credible performing environment TEE and common performing environment REE or a variety of.
15. a kind of digital certificate mounting device, is applied to business service end, which includes:
Authentication mode determining module, for according to preset type of service and authenticating after receiving the service request of client The corresponding relationship of mode determines the corresponding target authentication mode of the type of service of the service request;
Authentication information sending module, for obtaining the certification for carrying out certification needs to certification main body by the target authentication mode Information, and by the authentication information and it is sent to certificate server;
Digital certificate request module, for after the result that passes through of certification for receiving certificate server return, to authentication service Digital certificate request is sent, the identity information of the certification main body is carried in the request;
Storage environment determining module, for receive certificate server return digital certificate after, according to preset service class The corresponding relationship of type and storage environment determines the corresponding target storage environment of the type of service of the service request;
Digital certificate issues module, for the digital certificate to be issued to client, and the target storage environment is specified, so that objective Family end is by the digital certificate store to the target storage environment.
16. a kind of digital certificate mounting device, is applied to certificate server, which includes:
Authentication module, according to the authentication information, passes through institute after receiving the authentication information that business service end is sent The corresponding target authentication mode of authentication information is stated, authentication is carried out to certification main body, and to business service end return authentication knot Fruit;
Digital certificate generation module is taken after the digital certificate request for receiving the transmission of business service end according in the request The identity information of the certification main body of band generates and returns to digital certificate to business service end.
17. a kind of computer equipment including memory, processor and stores the meter that can be run on a memory and on a processor Calculation machine program, wherein the processor realizes method as claimed in any one of claims 1 to 8 when executing described program.
CN201810575697.3A 2018-06-06 2018-06-06 Digital certificate installation method and system Active CN108965250B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810575697.3A CN108965250B (en) 2018-06-06 2018-06-06 Digital certificate installation method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810575697.3A CN108965250B (en) 2018-06-06 2018-06-06 Digital certificate installation method and system

Publications (2)

Publication Number Publication Date
CN108965250A true CN108965250A (en) 2018-12-07
CN108965250B CN108965250B (en) 2020-12-29

Family

ID=64493560

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810575697.3A Active CN108965250B (en) 2018-06-06 2018-06-06 Digital certificate installation method and system

Country Status (1)

Country Link
CN (1) CN108965250B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110677240A (en) * 2019-08-29 2020-01-10 阿里巴巴集团控股有限公司 Method and device for providing high-availability computing service through certificate issuing
CN110717156A (en) * 2019-09-06 2020-01-21 上海陆家嘴国际金融资产交易市场股份有限公司 Identity authentication method, system, computer device and storage medium
CN111262830A (en) * 2020-01-07 2020-06-09 广州虎牙科技有限公司 Security authentication method, device, system, electronic equipment and storage medium
CN111552942A (en) * 2020-04-27 2020-08-18 北京三快在线科技有限公司 Identity authentication method, system, device and computer storage medium
US10790979B1 (en) 2019-08-29 2020-09-29 Alibaba Group Holding Limited Providing high availability computing service by issuing a certificate
CN114363073A (en) * 2022-01-07 2022-04-15 中国联合网络通信集团有限公司 TLS encrypted traffic analysis method and device, terminal device and storage medium
CN115834245A (en) * 2023-01-05 2023-03-21 卓望数码技术(深圳)有限公司 Security authentication method, system, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20070077195A (en) * 2007-06-28 2007-07-25 김경호 Wireless internet environment for hand phone user authentication
CN101043337A (en) * 2007-03-22 2007-09-26 中兴通讯股份有限公司 Interactive process for content class service
CN106487505A (en) * 2016-09-12 2017-03-08 北京安御道合科技有限公司 Key management, acquisition methods and relevant apparatus and system
CN107786344A (en) * 2017-10-30 2018-03-09 阿里巴巴集团控股有限公司 Applying digital certificate, the implementation method used and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101043337A (en) * 2007-03-22 2007-09-26 中兴通讯股份有限公司 Interactive process for content class service
KR20070077195A (en) * 2007-06-28 2007-07-25 김경호 Wireless internet environment for hand phone user authentication
CN106487505A (en) * 2016-09-12 2017-03-08 北京安御道合科技有限公司 Key management, acquisition methods and relevant apparatus and system
CN107786344A (en) * 2017-10-30 2018-03-09 阿里巴巴集团控股有限公司 Applying digital certificate, the implementation method used and device

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10972272B2 (en) 2019-08-29 2021-04-06 Advanced New Technologies Co., Ltd. Providing high availability computing service by issuing a certificate
CN110677240B (en) * 2019-08-29 2020-07-10 阿里巴巴集团控股有限公司 Method, apparatus and medium for providing highly available computing services through certificate issuance
US10790979B1 (en) 2019-08-29 2020-09-29 Alibaba Group Holding Limited Providing high availability computing service by issuing a certificate
CN110677240A (en) * 2019-08-29 2020-01-10 阿里巴巴集团控股有限公司 Method and device for providing high-availability computing service through certificate issuing
US11206137B2 (en) 2019-08-29 2021-12-21 Advanced New Technologies Co., Ltd. Providing high availability computing service by issuing a certificate
CN110717156A (en) * 2019-09-06 2020-01-21 上海陆家嘴国际金融资产交易市场股份有限公司 Identity authentication method, system, computer device and storage medium
CN110717156B (en) * 2019-09-06 2022-09-09 未鲲(上海)科技服务有限公司 Identity authentication method, system, computer device and storage medium
CN111262830A (en) * 2020-01-07 2020-06-09 广州虎牙科技有限公司 Security authentication method, device, system, electronic equipment and storage medium
CN111262830B (en) * 2020-01-07 2022-08-19 广州虎牙科技有限公司 Security authentication method, device, system, electronic equipment and storage medium
CN111552942A (en) * 2020-04-27 2020-08-18 北京三快在线科技有限公司 Identity authentication method, system, device and computer storage medium
CN111552942B (en) * 2020-04-27 2023-02-10 北京三快在线科技有限公司 Identity authentication method, system, device and computer storage medium
CN114363073A (en) * 2022-01-07 2022-04-15 中国联合网络通信集团有限公司 TLS encrypted traffic analysis method and device, terminal device and storage medium
CN115834245A (en) * 2023-01-05 2023-03-21 卓望数码技术(深圳)有限公司 Security authentication method, system, equipment and storage medium

Also Published As

Publication number Publication date
CN108965250B (en) 2020-12-29

Similar Documents

Publication Publication Date Title
CN108965250A (en) A kind of digital certificate installation method and system
CN107294721B (en) The method and apparatus of identity registration, certification based on biological characteristic
US11621855B2 (en) Electronic device and method for managing blockchain address using the same
US11870769B2 (en) System and method for identifying a browser instance in a browser session with a server
US10362026B2 (en) Providing multi-factor authentication credentials via device notifications
EP3280090A1 (en) User authentication method and device, and wearable device registration method and device
US20190165947A1 (en) Signatures for near field communications
CN111401902A (en) Service processing method, device and equipment based on block chain
US20170032111A1 (en) Approaches for providing multi-factor authentication credentials
US10642664B2 (en) System and method for securing an inter-process communication via a named pipe
TWI710971B (en) Method and device for scene-based storage of facial information based on blockchain
WO2018083604A1 (en) Verifying an association between a communication device and a user
US20150038118A1 (en) Method for verifying the identity of a user of a communicating terminal and associated system
CN109408250A (en) Call application programming interface API approach, device, electronic equipment
US11757640B2 (en) Non-fungible token authentication
CN112583593B (en) Private communication method and device between users
EP2875460A1 (en) Anti-cloning system and method
US10841297B2 (en) Providing multi-factor authentication credentials via device notifications
CN104717648A (en) Unified authentication method and device based on SIM card
WO2023241060A1 (en) Data access method and apparatus
CN116170144B (en) Smart power grid anonymous authentication method, electronic equipment and storage medium
CN107005846B (en) Local authentication
EP3329650B1 (en) Providing multi-factor authentication credentials via device notifications
Zhang Secure mobile service-oriented architecture

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200924

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200924

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant