Summary of the invention
In view of the above technical problems, this specification embodiment provides a kind of digital certificate installation method and system, technical side
Case is as follows:
According to this specification embodiment in a first aspect, provide a kind of digital certificate installation method, this method comprises:
It is corresponding with authentication mode according to preset type of service after business service terminates the service request for receiving client
Relationship determines the corresponding target authentication mode of the type of service of the service request;It obtains through the target authentication mode to recognizing
Card main body carries out authenticating required authentication information, and by the authentication information and is sent to certificate server;
After certificate server receives the authentication information of business service end transmission, according to the authentication information, by described
Target authentication mode carries out authentication to certification main body, and to business service end return authentication result;
After the result that the certification that business service termination receives certificate server return passes through, number card is sent to authentication service
Book is requested, and the identity information of the certification main body is carried in the request;
After certificate server receives the digital certificate request of business service end transmission, according to the identity carried in the request
Information generates and returns to digital certificate to business service end;
After business service termination receives the digital certificate of certificate server return, according to preset type of service and storage ring
The corresponding relationship in border determines the corresponding target storage environment of the type of service of the service request;The digital certificate is issued to
Client, and specify the target storage environment, so that client is by the digital certificate store to the target storage environment.
According to the second aspect of this specification embodiment, a kind of digital certificate installation method is provided, is applied to business service
End, this method comprises:
After the service request for receiving client, according to the corresponding relationship of preset type of service and authentication mode, determine
The corresponding target authentication mode of the type of service of the service request;It obtains and certification main body is carried out by the target authentication mode
The authentication information needed is authenticated, and by the authentication information and is sent to certificate server;
After receiving the result that the certification that certificate server returns passes through, digital certificate request is sent to authentication service, it should
The identity information of the certification main body is carried in request;
After the digital certificate for receiving certificate server return, closed according to preset type of service is corresponding with storage environment
System, determines the corresponding target storage environment of the type of service of the service request;The digital certificate is issued to client, and is referred to
Fixed target storage environment, so that client is by the digital certificate store to the target storage environment.
According to the third aspect of this specification embodiment, a kind of digital certificate installation method is provided, is applied to authentication service
End, this method comprises:
After the authentication information for receiving the transmission of business service end, according to the authentication information, pass through the authentication information pair
The target authentication mode answered carries out authentication to certification main body, and to business service end return authentication result;
After the digital certificate request for receiving the transmission of business service end, according to the certification main body carried in the request
Identity information generates and returns to digital certificate to business service end.
According to the fourth aspect of this specification embodiment, a kind of digital certificate installation system is provided, which includes: business
Server-side and certificate server;
It is corresponding with authentication mode according to preset type of service after business service terminates the service request for receiving client
Relationship determines the corresponding target authentication mode of the type of service of the service request;It obtains through the target authentication mode to recognizing
Card main body carries out authenticating required authentication information, and by the authentication information and is sent to certificate server;
After certificate server receives the authentication information of business service end transmission, according to the authentication information, by described
Target authentication mode carries out authentication to certification main body, and to business service end return authentication result;
After the result that the certification that business service termination receives certificate server return passes through, number card is sent to authentication service
Book is requested, and the identity information of the certification main body is carried in the request;
After certificate server receives the digital certificate request of business service end transmission, according to the identity carried in the request
Information generates and returns to digital certificate to business service end;
After business service termination receives the digital certificate of certificate server return, according to preset type of service and storage ring
The corresponding relationship in border determines the corresponding target storage environment of the type of service of the service request;The digital certificate is issued to
Client, and specify the target storage environment, so that client is by the digital certificate store to the target storage environment.
According to the 5th of this specification embodiment the aspect, a kind of digital certificate mounting device is provided, is applied to business service
End, the device include:
Authentication mode determining module, for after receiving the service request of client, according to preset type of service with
The corresponding relationship of authentication mode determines the corresponding target authentication mode of the type of service of the service request;
Authentication information sending module carries out certification needs to certification main body by the target authentication mode for obtaining
Authentication information, and by the authentication information and it is sent to certificate server;
Digital certificate request module, for after the result that passes through of certification for receiving certificate server return, to certification
Service sends digital certificate request, and the identity information of the certification main body is carried in the request;
Storage environment determining module, for receive certificate server return digital certificate after, according to preset industry
The corresponding relationship of service type and storage environment determines the corresponding target storage environment of the type of service of the service request;
Digital certificate issues module, for the digital certificate to be issued to client, and specifies the target storage environment, with
Make client by the digital certificate store to the target storage environment.
According to the 6th of this specification embodiment the aspect, a kind of digital certificate mounting device is provided, is applied to authentication service
End, the device include:
Authentication module, according to the authentication information, is led to after receiving the authentication information that business service end is sent
The corresponding target authentication mode of the authentication information is crossed, authentication is carried out to certification main body, and return and recognize to business service end
Demonstrate,prove result;
Digital certificate generation module, after the digital certificate request for receiving the transmission of business service end, according to the request
The identity information of the certification main body of middle carrying generates and returns to digital certificate to business service end.
Technical solution provided by this specification embodiment, business service end can be specifically according to this service requests
Type of service judges security level required for this business, so that it is determined that the authentication mode of authentication and digital certificate
Storage environment.Different authentication mode and storage environment is used in combination in business service end, realizes client with various different safety
Rank installs digital certificate, meets the demand for security of the different stage of various different service types.
It should be understood that above general description and following detailed description be only it is exemplary and explanatory, not
This specification embodiment can be limited.
In addition, any embodiment in this specification embodiment does not need to reach above-mentioned whole effects.
Specific embodiment
In order to make those skilled in the art more fully understand the technical solution in this specification embodiment, below in conjunction with this
Attached drawing in specification embodiment is described in detail the technical solution in this specification embodiment, it is clear that described
Embodiment is only a part of the embodiment of this specification, instead of all the embodiments.The embodiment of base in this manual,
Those of ordinary skill in the art's every other embodiment obtained, all should belong to the range of protection.
Digital certificate is that had authoritative by CA (Certificate Authority, certificate granting) authority releases
Proof of identification, the identity of the main body for proving to participate in all kinds of business in internet, main body can be natural person, account, terminal
Equipment, server etc..The number of the identity information that main body is contained in digital certificate, the public-key cryptography held and CA mechanism
The information such as signature allow the both sides of information exchange in internet to identify the identity of other side, and guarantee information in transmission process
In do not distorted by third party.
When main body is to CA mechanism application digital certificate, it is necessary first to authentication is carried out, for similar and different form
Main body can carry out authentication by different modes, and the demand for security that different authentication modes is able to satisfy is also different.
After authentication passes through, CA mechanism will to the main body authorized Digital Certificate, and by the corresponding equipment of the main body into
The installation to digital certificate is completed in row storage, can be directly using mounted number card in business processing later
Book, without applying repeatedly.
With the development of the mobile terminals such as mobile phone, tablet computer, mobile terminal becomes the common equipment of user, also becomes normal
Digital certificate store medium.Applied to the digital certificate of different business scene, there is different safety to need storage environment
It asks, and is also typically present a variety of storage environments in mobile terminal, can satisfy different demands for security.
This specification embodiment provides a kind of digital certificate installation method, can be according to the demand for security of business scenario, intelligence
The identification authentication mode and storage environment of security level meet demand can be matched.
In the embodiment of this specification, the process of digital certificate installation is related to client, business service end and certification clothes
Business end, corresponding system architecture schematic diagram is as shown in Figure 1, include client device 10, business service end equipment 20 and certification clothes
Business end equipment 20.Wherein, client device, that is, digital certificate mobile terminal device, business service end equipment and certification take
The concrete form for end equipment of being engaged in, can be forms, the three terminal devices such as a specific server or server cluster can be by each
The network implementations communication connection of kind form, this specification do not need this to be defined.
Fig. 2 is the interaction diagrams of digital certificate installation method that this specification embodiment provides, can specifically include with
Lower step:
S201, after business service terminates the service request for receiving client, according to preset type of service and authentication mode
Corresponding relationship, determine the corresponding target authentication mode of the type of service of the service request;Acquisition passes through the target authentication side
Formula carries out authenticating required authentication information to certification main body, and by the authentication information and is sent to certificate server;
When user participates in a certain business by the client that mobile terminal is installed, client will be sent out to business service end
Corresponding service request is sent, and business service end will install corresponding digital certificate according to the service request.
As described above, when digital certificate is installed, it is necessary first to authentication is carried out, and is directed to various forms of main bodys,
Different authentication modes can be used.
For example, the modes such as verifying identity card, face, vocal print, iris can be used and authenticated when main body is natural person;
Main body is that can be authenticated by modes such as verifying short messages when can be inserted into the terminal device of SIM card;It, can when main body is account
It is authenticated in a manner of through verifying password etc.;Etc..
In addition, different business scenarios, the demand for security of business procession is not quite similar, and digital certificate is as identification
Subject identity, a kind of means for ensureing information transmission, also not to the demand for security of the digital certificate for being applied to different business scene
It is identical.For example, the business of the types such as e-commerce, demand for security is higher than the business of the types such as network social intercourse, and network government affairs
Etc. types business, demand for security may be higher than e-commerce, etc. again.
The demand for security of digital certificate is mainly reflected in authentication mode and storage environment, and different authentication modes,
With different security levels, different demands for security can satisfy.
For example, main body be natural person when, due to there may be identity card is usurped, verify simultaneously identity card with
The authentication mode of face, than only verifying the authentication mode of identity card more comprehensively, thus it is safer, it can be used for security requirement
Higher business scenario.
This illustrates the digital certificate mount scheme that embodiment provides, can be according to the type of service of service request, intelligent
Authentication mode with security level meet demand.Therefore, business service end will be first according to preset type of service and authenticating party
The corresponding relationship of formula determines the corresponding target authentication mode of the type of service of the service request.
Wherein, the corresponding relationship of type of service and authentication mode can be preset by developer.Such as government affairs type
The authentication mode of business is natural person's certification, and the authentication mode of the business of social type is account certification, etc.;Or it limits small
The authentication mode of the business of volume transaction is the rudimentary natural person certification for verifying identity card, and the authentication mode of block trade business is to test
Demonstrate,prove the advanced natural person certification, etc. of identity card, face and vocal print.This specification embodiment is set not to specific corresponding to relationship
It is defined, those skilled in the art can neatly set according to the actual situation.
It is understood that developer can be directed to different types of service, corresponding authentication side is preset
Formula, but due to the difference of the software of terminal device and hardware configuration, there are areas for the authentication mode that different terminal equipment can be supported
Not.
Therefore, in order to avoid the efficiency of raising authentication, most suitable authentication mode is matched for service request, in this theory
In a kind of specific embodiment of bright book embodiment, the locally-supported authentication mode of client can be detected first, is obtained at least
One kind can determine the service request then according to the corresponding relationship of preset type of service and authentication mode with authentication mode
The corresponding preferred authentication mode of type of service.
If described can include the preferred authentication mode with authentication mode, the preferred authentication mode is determined as target
Authentication mode;If described can not include the preferred authentication mode with authentication mode, according to preset authentication mode safety level
Not and authentication mode is postponed rule, determines target authentication mode.
For example, the security level of authentication mode can be preset from high to low successively are as follows: advanced natural person's certification, middle rank are natural
People's certification, rudimentary natural person certification, account number cipher certification and equipment short message certification, authentication mode postpone rule to postpone supreme one
The authentication mode of grade.If terminal device is tablet computer, will test to 4 kinds can use authentication mode, be determined according to corresponding relationship
The registration business of the lower social application of certain demand for security, corresponding first choice authentication mode is equipment short message certification, and plate is electric
Brain is not available SIM card because therefore, will postpone and determine that target authentication mode is higher leveled without holding equipment short message certification
Account number cipher certification.
After determining target authentication mode, it can further obtain authenticate by target authentication mode and required recognize
Information is demonstrate,proved, to be authenticated.
Certainly, according to noted earlier, identical business is authenticated if before, or in similar business field
Identical type of service is authenticated in scape, then there is the case where client has been mounted with respective digital certificate, in order to
Avoiding repetition from installing influence business processing efficiency can be in determination in a kind of specific embodiment of this specification embodiment
After target authentication mode, first detect whether to be mounted with respective digital certificate.
Specifically, it is first determined the certification main body of the target authentication mode, each authentication mode have its corresponding certification
Main body, such as natural person certification certification main body be natural person, account certification certification main body be account, for another example it is advanced from
The certification main body of right people's certification and rudimentary natural person certification be natural person, etc..
After determining certification main body, whether detection client has locally installed the digital certificate of the certification main body.In this theory
It, can be according to the corresponding relationship of preset type of service and storage environment, really in a kind of specific embodiment of bright book embodiment
The corresponding target storage environment of type of service of the fixed service request, thus further in the model of client local detection
It encloses.In the target storage environment of client local, the digital certificate for having stored the certification main body is detected whether;If so,
Determine the digital certificate for having installed the certification main body;If not, it is determined that the digital certificate of the certification main body is not installed.
If determining the digital certificate for not installing the certification main body through detection, need to continue to carry out body to the certification main body
Part certification obtains and carries out authenticating required authentication information to certification main body by the target authentication mode.For example, target authentication
Mode is to carry out authenticating the short-message verification that required information is sent to the terminal device when verifying the equipment authentication mode of short message
The short-message verification content that content and terminal device return, in this case, certified Information detailed process can be, business clothes
After business end sends the short message comprising identifying code to the terminal device, identifying code is inputted into client by user and is sent to business clothes
Business end.
S202, according to the authentication information, passes through after certificate server receives the authentication information of business service end transmission
The target authentication mode carries out authentication to certification main body, and to business service end return authentication result;
S203 is sent after business service termination receives the result that the certification that certificate server returns passes through to authentication service
Digital certificate is requested, and the identity information of the certification main body is carried in the request;
S204 is carried after certificate server receives the digital certificate request of business service end transmission according in the request
Identity information, generate simultaneously to business service end return digital certificate;
For ease of description, S202 to S204 is combined and is illustrated.
It is understood that certificate server described in this specification embodiment, can refer to CA mechanism, i.e., by CA mechanism
Uniformly carry out authentication and distribution digital certificate;It may also mean that the combination of CA mechanism Yu other related systems, such as CA
The function of authentication is licensed to the identity authorization system of Alipay by mechanism, then certificate server is by the certificate including CA mechanism
The identity authorization system of publishing system and Alipay;Alternatively, it is also possible to refer to one other have the right to carry out authentication, distribution number
The mechanism or system of certificate or multiple combinations that other have the right to carry out authentication, the mechanism or system that issue digital certificate;Deng
Deng.
S205, business service termination receive certificate server return digital certificate after, according to preset type of service with
The corresponding relationship of storage environment determines the corresponding target storage environment of the type of service of the service request;By the digital certificate
It is issued to client, and specifies the target storage environment, so that client is by the digital certificate store to the target storage environment.
In a kind of specific embodiment of this specification embodiment, storage environment may include safety element SE, credible
One of performing environment TEE and common performing environment REE or a variety of.
REE (Rich Execution Environment, common performing environment) refers to the general environment of terminal device, uses
In OS (Operating System, operating system) such as operation Android, iOS, Linux, the institute of equipment is provided for upper layer App
It is functional.REE environment is general and open, thus security level is lower, and OS can directly acquire all numbers of App in REE
According to, and the App isolation realized based on OS is easier to be bypassed.
TEE (Trusted Execution Environment, credible performing environment) is a kind of by hardware mechanisms isolation
With the environment of REE, REE can only be communicated by specific entrance with TEE, the memory of the accessible REE of TEE, but otherwise REE can not
The TEE memory by hardware protection, therefore the security level ratio REE high of TEE are accessed, it is higher confidentiality can be provided for digital certificate
Storage environment.
SE (Secure Element, safety element) usually provides storage environment with chip form, has add in the chips
Close/decryption logic can prevent external malice parsing attack, protect data safety, and security level is higher than TEE and REE.
It is understood that the storage environment in scheme provided by this specification embodiment, also may include that terminal is set
Other storage environments provided in standby based on other software and hardware.
Developer can be directed to different types of service, preset corresponding storage environment, but due to terminal device
Software and hardware configuration difference, the storage environment that different terminal equipment can be supported is distinct.Therefore as determining mesh
A kind of specific embodiment for marking storage environment, can detect the locally-supported storage environment of client first, obtain at least one
Kind can use storage environment, and according to the corresponding relationship of preset type of service and storage environment, determine the industry of the service request
The corresponding preferred storage environment of service type.
If described can include the preferred storage environment with storage environment, the preferred storage environment is determined as target
Storage environment;If described can not include the preferred storage environment with storage environment, according to preset storage environment safety level
Not and storage environment postpones rule, determines target storage environment.
For example, the security level of storage environment can be preset from high to low successively are as follows: SE, TEE, REE, storage environment postpone
Rule is to postpone to five-star storage environment.If in terminal device and SE is not configured, it will test TEE and this 2 kinds of REE can
With storage environment, determine that transferring accounts for the higher financial application of certain demand for security activates the service according to corresponding relationship, corresponding first choice
Storage environment is SE, and therefore the terminal device, will postpone because being not configured without supporting SE storage and determine target storage environment
For five-star TEE.
It, can should after client receives the digital certificate that business service end issues and specified target storage environment
Digital certificate store is to specified environment, to complete the installation of digital certificate.
In order to illustrate more clearly of the digital certificate mount scheme of this specification embodiment, separately below again from unilateral angle
Degree, is illustrated the digital certificate installation method that business service end is executed with certificate server:
Fig. 3 show digital certificate installation method flow chart performed by business service end, can specifically include following step
It is rapid:
S301, after the service request for receiving client, according to the corresponding relationship of preset type of service and authentication mode,
Determine the corresponding target authentication mode of the type of service of the service request;It obtains through the target authentication mode to certification main body
The authentication information of certification needs is carried out, and by the authentication information and is sent to certificate server;
S302 after receiving the result that the certification that certificate server returns passes through, sends digital certificate to authentication service and asks
It asks, the identity information of the certification main body is carried in the request;
S303, after the digital certificate for receiving certificate server return, according to preset type of service and storage environment
Corresponding relationship determines the corresponding target storage environment of the type of service of the service request;The digital certificate is issued to client
End, and specifies the target storage environment, so that client is by the digital certificate store to the target storage environment.
Fig. 4 show digital certificate installation method flow chart performed by certificate server, can specifically include following step
It is rapid:
S401 after receiving the authentication information that business service end is sent, according to the authentication information, passes through the certification and believes
Corresponding target authentication mode is ceased, authentication is carried out to certification main body, and to business service end return authentication result;
S402, after the digital certificate request for receiving the transmission of business service end, according to the certification carried in the request
The identity information of main body generates and returns to digital certificate to business service end.
About the unilateral execution method details at business service end and certificate server, retouching for preceding embodiment may refer to
It states, which is not described herein again.
Below with reference to one, more specifically example, the digital certificate installation method provided this specification are illustrated.
Assuming that certain Alipay user needs using flower business, then it first can be by the Alipay installed in smart phone
Client opens flower business.
Alipay client by the security centre of Alipay (i.e. business service end), open flower business and ask by transmission
It asks.
The locally-supported identification authentication mode of security centre's detection client includes natural person's certification, account certification and equipment
Certification, and according to the corresponding relationship of preset type of service and authentication mode, determination needs to carry out natural person's certification, thus will be certainly
Right people's certification is determined as target authentication mode, and certification main body is natural person.
In addition, it includes REE, TEE and SE that security centre, which can also detect the locally-supported storage environment of client, and according to
The corresponding relationship of preset type of service and storage environment determines to need to store and arrives SE, so that SE is determined as target storage ring
Border.
Further, in the SE of client local, the natural person's digital certificate for having stored the user is detected whether.Due to
The user did not carried out natural person's certification in the business opened and used before, thus the certificate locally is not detected, thus
It determines the local natural person's digital certificate for not installing the user, needs to continue natural person's certification.
Therefore security centre uploads identity card picture, Mobile state face recognition of going forward side by side by Client-Prompt user, and connects
By the authentication information that client uploads, i.e. ID card information and facial recognition information, authentication information is sent to and is awarded through CA mechanism
The Alipay identity authorization system of power.
After identity authorization system receives authentication information, by natural person's authentication mode, according to the identity card of the user and
The information such as face carry out authentication to the user, if certification passes through, the result passed through to security centre's return authentication.
After security centre receives the result that certification passes through, the number card for carrying the subscriber identity information is sent to CA mechanism
Book request.
CA mechanism generates corresponding digital certificate according to identity information, and is back to Alipay security centre.In the certificate
It may include the information such as the digital signature of the identity information of the user, the public-key cryptography held and CA mechanism.
The digital certificate received is issued to the client of the user by security centre, and indicates that client demonstrate,proves the number
Book is stored to SE, to complete the installation of the customer digital certificate after client storage.
As it can be seen that security level required for this business can be judged according to type of service using above scheme, thus
Intelligent Matching meets the identification authentication mode and digital certificate store environment of demand for security, realizes the number card of different service types
Book is installed under suitable security level.
Corresponding to above method embodiment, this specification embodiment also provides a kind of digital certificate mounting device, is applied to
Business service end, it is shown in Figure 5, the apparatus may include:
Authentication mode determining module 110, for after receiving the service request of client, according to preset type of service
With the corresponding relationship of authentication mode, the corresponding target authentication mode of the type of service of the service request is determined;
Authentication information sending module 120 is needed for obtaining authenticate to certification main body by the target authentication mode
The authentication information wanted, and by the authentication information and it is sent to certificate server;
Digital certificate request module 130, for after the result that passes through of certification for receiving certificate server return, to recognizing
Card service sends digital certificate request, and the identity information of the certification main body is carried in the request;
Storage environment determining module 140, for receive certificate server return digital certificate after, according to preset
The corresponding relationship of type of service and storage environment determines the corresponding target storage environment of the type of service of the service request;
Digital certificate issues module 150, for the digital certificate to be issued to client, and specifies the target storage ring
Border, so that client is by the digital certificate store to the target storage environment.
This specification embodiment also provides a kind of digital certificate mounting device, is applied to certificate server, referring to Fig. 6 institute
Show, which includes:
Authentication module 210 is believed after receiving the authentication information that business service end is sent according to the certification
Breath carries out authentication to certification main body, and return to business service end by the corresponding target authentication mode of the authentication information
Return authentication result;
Digital certificate generation module 220 is asked after the digital certificate request for receiving the transmission of business service end according to this
The identity information of the certification main body of middle carrying is sought, generate and returns to digital certificate to business service end.
The function of modules and the realization process of effect are specifically detailed in the above method and correspond to step in above-mentioned apparatus
Realization process, details are not described herein.
This specification embodiment also provides a kind of computer equipment, includes at least memory, processor and is stored in
On reservoir and the computer program that can run on a processor, wherein processor realizes number above-mentioned when executing described program
Certificate installation method.This method includes at least:
A kind of digital certificate installation method, this method comprises:
It is corresponding with authentication mode according to preset type of service after business service terminates the service request for receiving client
Relationship determines the corresponding target authentication mode of the type of service of the service request;It obtains through the target authentication mode to recognizing
Card main body carries out authenticating required authentication information, and by the authentication information and is sent to certificate server;
After certificate server receives the authentication information of business service end transmission, according to the authentication information, by described
Target authentication mode carries out authentication to certification main body, and to business service end return authentication result;
After the result that the certification that business service termination receives certificate server return passes through, number card is sent to authentication service
Book is requested, and the identity information of the certification main body is carried in the request;
After certificate server receives the digital certificate request of business service end transmission, according to the identity carried in the request
Information generates and returns to digital certificate to business service end;
After business service termination receives the digital certificate of certificate server return, according to preset type of service and storage ring
The corresponding relationship in border determines the corresponding target storage environment of the type of service of the service request;The digital certificate is issued to
Client, and specify the target storage environment, so that client is by the digital certificate store to the target storage environment.
Fig. 7 shows one kind provided by this specification embodiment and more specifically calculates device hardware structural schematic diagram,
The equipment may include: processor 1010, memory 1020, input/output interface 1030, communication interface 1040 and bus
1050.Wherein processor 1010, memory 1020, input/output interface 1030 and communication interface 1040 are real by bus 1050
The now communication connection inside equipment each other.
Processor 1010 can use general CPU (Central Processing Unit, central processing unit), micro- place
Reason device, application specific integrated circuit (Application Specific Integrated Circuit, ASIC) or one
Or the modes such as multiple integrated circuits are realized, for executing relative program, to realize technical side provided by this specification embodiment
Case.
Memory 1020 can use ROM (Read Only Memory, read-only memory), RAM (Random Access
Memory, random access memory), static storage device, the forms such as dynamic memory realize.Memory 1020 can store
Operating system and other applications are realizing technical solution provided by this specification embodiment by software or firmware
When, relevant program code is stored in memory 1020, and execution is called by processor 1010.
Input/output interface 1030 is for connecting input/output module, to realize information input and output.Input and output/
Module can be used as component Configuration (not shown) in a device, can also be external in equipment to provide corresponding function.Wherein
Input equipment may include keyboard, mouse, touch screen, microphone, various kinds of sensors etc., output equipment may include display,
Loudspeaker, vibrator, indicator light etc..
Communication interface 1040 is used for connection communication module (not shown), to realize the communication of this equipment and other equipment
Interaction.Wherein communication module can be realized by wired mode (such as USB, cable etc.) and be communicated, can also be wirelessly
(such as mobile network, WIFI, bluetooth etc.) realizes communication.
Bus 1050 include an access, equipment various components (such as processor 1010, memory 1020, input/it is defeated
Outgoing interface 1030 and communication interface 1040) between transmit information.
It should be noted that although above equipment illustrates only processor 1010, memory 1020, input/output interface
1030, communication interface 1040 and bus 1050, but in the specific implementation process, which can also include realizing normal fortune
Other assemblies necessary to row.In addition, it will be appreciated by those skilled in the art that, it can also be only comprising real in above equipment
Component necessary to existing this specification example scheme, without including all components shown in figure.
This specification embodiment also provides a kind of computer readable storage medium, is stored thereon with computer program, the journey
Digital certificate installation method above-mentioned is realized when sequence is executed by processor.This method includes at least:
A kind of digital certificate installation method, this method comprises:
It is corresponding with authentication mode according to preset type of service after business service terminates the service request for receiving client
Relationship determines the corresponding target authentication mode of the type of service of the service request;It obtains through the target authentication mode to recognizing
Card main body carries out authenticating required authentication information, and by the authentication information and is sent to certificate server;
After certificate server receives the authentication information of business service end transmission, according to the authentication information, by described
Target authentication mode carries out authentication to certification main body, and to business service end return authentication result;
After the result that the certification that business service termination receives certificate server return passes through, number card is sent to authentication service
Book is requested, and the identity information of the certification main body is carried in the request;
After certificate server receives the digital certificate request of business service end transmission, according to the identity carried in the request
Information generates and returns to digital certificate to business service end;
After business service termination receives the digital certificate of certificate server return, according to preset type of service and storage ring
The corresponding relationship in border determines the corresponding target storage environment of the type of service of the service request;The digital certificate is issued to
Client, and specify the target storage environment, so that client is by the digital certificate store to the target storage environment.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method
Or technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data.
The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), moves
State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable
Programmable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM),
Digital versatile disc (DVD) or other optical storage, magnetic cassettes, tape magnetic disk storage or other magnetic storage devices
Or any other non-transmission medium, can be used for storage can be accessed by a computing device information.As defined in this article, it calculates
Machine readable medium does not include temporary computer readable media (transitory media), such as the data-signal and carrier wave of modulation.
As seen through the above description of the embodiments, those skilled in the art can be understood that this specification
Embodiment can be realized by means of software and necessary general hardware platform.Based on this understanding, this specification is implemented
Substantially the part that contributes to existing technology can be embodied in the form of software products the technical solution of example in other words,
The computer software product can store in storage medium, such as ROM/RAM, magnetic disk, CD, including some instructions are to make
It is each to obtain computer equipment (can be personal computer, server or the network equipment etc.) execution this specification embodiment
Method described in certain parts of a embodiment or embodiment.
System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity,
Or it is realized by the product with certain function.A kind of typically to realize that equipment is computer, the concrete form of computer can
To be personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media play
In device, navigation equipment, E-mail receiver/send equipment, game console, tablet computer, wearable device or these equipment
The combination of any several equipment.
All the embodiments in this specification are described in a progressive manner, same and similar portion between each embodiment
Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for device reality
For applying example, since it is substantially similar to the method embodiment, so describing fairly simple, related place is referring to embodiment of the method
Part explanation.The apparatus embodiments described above are merely exemplary, wherein described be used as separate part description
Module may or may not be physically separated, can be each module when implementing this specification example scheme
Function realize in the same or multiple software and or hardware.Can also select according to the actual needs part therein or
Person's whole module achieves the purpose of the solution of this embodiment.Those of ordinary skill in the art are not the case where making the creative labor
Under, it can it understands and implements.
The above is only the specific embodiment of this specification embodiment, it is noted that for the general of the art
For logical technical staff, under the premise of not departing from this specification embodiment principle, several improvements and modifications can also be made, this
A little improvements and modifications also should be regarded as the protection scope of this specification embodiment.