CN110365486A - Certificate application method, apparatus and device - Google Patents

Publication number: CN110365486A
Authority: CN (China)
Prior art keywords: encrypted, certificate, request, terminal, public key
Legal status: Granted, active
Application number: CN201910575537.3A
Other languages: Chinese (zh)
Other versions: CN110365486B
Inventor: 朱旭
Current assignee: Neusoft Corp
Original assignee: Neusoft Corp
Application filed by: Neusoft Corp
Priority: CN201910575537.3A
Granted publication: CN110365486B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: … including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263: … involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268: … using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Abstract

The application discloses a certificate application method, apparatus and device. A terminal uses the public key of the anonymous certificate issuing system (PCA) to encrypt a certificate application request that carries an encryption public key, obtaining an encrypted certificate application request; the encryption public key is generated by the terminal. The terminal sends the encrypted certificate application request to the access verification system (RA), which forwards it to the PCA, so that the PCA decrypts the encrypted certificate application request, obtains the encryption public key, uses that key to encrypt the anonymous certificate generated for the terminal, and sends the anonymous certificate to the RA. The terminal then receives the anonymous certificate sent via the RA. The application ensures that the terminal's encryption public key is not leaked during the certificate application or on the certificate authority side, which protects the certificate encrypted with that key and, ultimately, the information security of the terminal that communicates using the certificate.

Description

Certificate application method, apparatus and device
Technical field
This application relates to the field of data processing, and in particular to a certificate application method, apparatus and device.
Background
In the field of information security, before terminals communicate with one another, each must apply for a certificate from the authority responsible for issuing and managing digital certificates, i.e. the certificate authority (CA).
Certificates are generally divided into explicit certificates and implicit certificates. Explicit certificates are currently in widespread use in many fields in China. Compared with implicit certificates, however, explicit certificates have the drawback that the public key information is explicit and unchanging during the certificate application, and if the public key information leaks, related information about the corresponding terminal leaks with it, which seriously threatens the terminal's information security.
Therefore, for explicit certificates, how to guarantee information security during the certificate application is a problem in urgent need of a solution.
Summary of the invention
In view of this, the application provides a certificate application method, apparatus and device that can guarantee information security during the certificate application as far as possible.
In a first aspect, to achieve the above object, the application provides a certificate application method applied to a terminal, the method comprising:
encrypting, with the public key of the anonymous certificate issuing system (PCA), a certificate application request that carries an encryption public key, to obtain an encrypted certificate application request, wherein the encryption public key is generated by the terminal;
sending the encrypted certificate application request to the access verification system (RA), which forwards it to the PCA, so that the PCA decrypts the encrypted certificate application request, obtains the encryption public key, uses the encryption public key to encrypt the anonymous certificate generated for the terminal, and sends the anonymous certificate to the RA;
receiving the anonymous certificate sent via the RA.
In an optional embodiment, before encrypting the certificate application request that carries the encryption public key with the public key of the PCA to obtain the encrypted certificate application request, the method further comprises:
encrypting the encryption public key generated by the terminal with the public key of the PCA to obtain a public-key ciphertext;
Correspondingly, encrypting the certificate application request that carries the encryption public key with the public key of the PCA to obtain the encrypted certificate application request is specifically:
encrypting the certificate application request that carries the public-key ciphertext with the public key of the PCA to obtain the encrypted certificate application request.
In a second aspect, the application further provides a certificate application method applied to the anonymous certificate issuing system (PCA), the method comprising:
the PCA receives an encrypted certificate application request from a terminal, forwarded by the access verification system (RA), wherein the encrypted certificate application request carries the encryption public key generated by the terminal and is obtained by encryption with the public key of the PCA;
the PCA decrypts the encrypted certificate application request to obtain the encryption public key, uses the encryption public key to encrypt the anonymous certificate generated for the terminal, and sends the anonymous certificate to the RA, so that the RA forwards the anonymous certificate to the terminal.
In an optional embodiment, after the anonymous certificate is generated for the terminal, the method further comprises:
the PCA sends a time-validity application request for the anonymous certificate to the time management system and then receives a time-validity authorization response for the anonymous certificate from the time management system;
Correspondingly, before the anonymous certificate is sent to the RA, the method further comprises:
the PCA encrypts the anonymous certificate with the public key of the time management system and then continues with the step of sending the anonymous certificate to the RA, which forwards it to the terminal, so that the terminal, after receiving the private key that the time management system sends when the start time of the time-validity period is reached, decrypts the anonymous certificate with that private key.
In a third aspect, the application further provides a certificate application method applied to the access verification system (RA), the method comprising:
after receiving a preset number of encrypted certificate application requests, the RA obfuscates the preset number of encrypted certificate application requests and sends the obfuscated encrypted certificate application requests to the anonymous certificate issuing system (PCA);
after receiving the anonymous certificates from the PCA, the RA de-obfuscates them and sends each de-obfuscated anonymous certificate to its corresponding terminal.
In a fourth aspect, the application further provides a certificate application method applied to a time management system, the method comprising:
after receiving a time-validity application request for an anonymous certificate from the anonymous certificate issuing system (PCA), the time management system returns to the PCA a time-validity authorization response carrying its own public key, so that the PCA encrypts the anonymous certificate with the public key of the time management system and then sends the anonymous certificate to the terminal;
when the start time of the time-validity period is reached, the time management system sends the private key to the terminal, so that the terminal decrypts the anonymous certificate with the private key.
In a fifth aspect, the application further provides a certificate application system comprising a terminal, an access verification system (RA) and an anonymous certificate issuing system (PCA);
the terminal is configured to encrypt, with the public key of the PCA, a certificate application request carrying an encryption public key to obtain an encrypted certificate application request, and to send the encrypted certificate application request to the RA, wherein the encryption public key is generated by the terminal;
the RA is configured to verify the encrypted certificate application request and then forward it to the PCA;
the PCA is configured to decrypt the encrypted certificate application request, obtain the encryption public key, use the encryption public key to encrypt the anonymous certificate generated for the terminal, and send the anonymous certificate to the RA, which forwards it to the terminal.
In an optional embodiment, the system further comprises a time management system;
the time management system is configured to return to the PCA, after receiving the time-validity application request for the anonymous certificate sent by the PCA, a time-validity authorization response carrying its own public key, and to send the private key to the terminal when the start time of the time-validity period is reached, so that the terminal decrypts the anonymous certificate with the private key;
Correspondingly, the PCA is further configured to encrypt the anonymous certificate with the public key of the time management system and then send the anonymous certificate to the terminal.
In an optional embodiment, the RA is further configured, after receiving a preset number of encrypted certificate application requests, to obfuscate them and send the obfuscated encrypted certificate application requests to the anonymous certificate issuing system (PCA), and, after receiving the anonymous certificates from the PCA, to de-obfuscate them and send each de-obfuscated anonymous certificate to its corresponding terminal.
In a sixth aspect, the application further provides a certificate application apparatus applied to a terminal, the apparatus comprising:
a first encryption module, configured to encrypt, with the public key of the anonymous certificate issuing system (PCA), a certificate application request carrying an encryption public key to obtain an encrypted certificate application request, wherein the encryption public key is generated by the terminal;
a first sending module, configured to send the encrypted certificate application request to the access verification system (RA), which forwards it to the PCA, so that the PCA decrypts the encrypted certificate application request, obtains the encryption public key, uses the encryption public key to encrypt the anonymous certificate generated for the terminal, and sends the anonymous certificate to the RA;
a first receiving module, configured to receive the anonymous certificate sent via the RA.
In a seventh aspect, the application further provides a certificate application apparatus applied to the anonymous certificate issuing system (PCA), the apparatus comprising:
a second receiving module, configured to receive an encrypted certificate application request from a terminal, forwarded by the access verification system (RA), wherein the encrypted certificate application request carries the encryption public key generated by the terminal and is obtained by encryption with the public key of the PCA;
a decryption module, configured to decrypt the encrypted certificate application request to obtain the encryption public key;
a second encryption module, configured to use the encryption public key to encrypt the anonymous certificate generated for the terminal and send the anonymous certificate to the RA, so that the RA forwards the anonymous certificate to the terminal.
In an eighth aspect, the application further provides a certificate application apparatus applied to the access verification system (RA), the apparatus comprising:
an obfuscation module, configured, after a preset number of encrypted certificate application requests have been received, to obfuscate the preset number of encrypted certificate application requests and send the obfuscated encrypted certificate application requests to the anonymous certificate issuing system (PCA);
a de-obfuscation module, configured, after the anonymous certificates from the PCA have been received, to de-obfuscate them and send each de-obfuscated anonymous certificate to its corresponding terminal.
In a ninth aspect, the application further provides a certificate application apparatus applied to a time management system, the apparatus comprising:
a third receiving module, configured, after receiving a time-validity application request for an anonymous certificate from the anonymous certificate issuing system (PCA), to return to the PCA a time-validity authorization response carrying the time management system's own public key, so that the PCA encrypts the anonymous certificate with the public key of the time management system and then sends the anonymous certificate to the terminal;
a second sending module, configured to send the private key to the terminal when the start time of the time-validity period is reached, so that the terminal decrypts the anonymous certificate with the private key.
In a tenth aspect, the application further provides a computer-readable storage medium storing instructions which, when run on a terminal device, cause the terminal device to perform the method of any of the above.
In an eleventh aspect, the application further provides a certificate application device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the method of any of the above when executing the computer program.
In the certificate application method provided by the application, before the terminal sends the certificate application request to the PCA, it first encrypts the certificate application request carrying the encryption public key with the public key of the PCA. This ensures that the terminal's encryption public key is not leaked during the certificate application or on the certificate authority side, which protects the certificate encrypted with that key and, ultimately, the information security of the terminal that communicates using the certificate.
Brief description of the drawings
To explain the technical solutions in the embodiments of the application more clearly, the drawings needed to describe the embodiments are briefly introduced below. The drawings described below are only some embodiments of the application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is an architecture diagram of a certificate application system provided by an embodiment of the application;
Fig. 2 is an architecture diagram of another certificate application system provided by an embodiment of the application;
Fig. 3 is a flow chart of a certificate application method provided by an embodiment of the application;
Fig. 4 is an information interaction diagram of a certificate application method applied to the Internet of Vehicles field, provided by an embodiment of the application;
Fig. 5 is a structural schematic diagram of a certificate application apparatus provided by an embodiment of the application;
Fig. 6 is a structural schematic diagram of another certificate application apparatus provided by an embodiment of the application;
Fig. 7 is a structural schematic diagram of another certificate application apparatus provided by an embodiment of the application;
Fig. 8 is a structural schematic diagram of another certificate application apparatus provided by an embodiment of the application;
Fig. 9 is a structure diagram of a certificate application device provided by an embodiment of the application.
Detailed description
The technical solutions in the embodiments of the application are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments in the application without creative effort fall within the scope of protection of the application.
In the field of information security, information currently leaks during the certificate application, which threatens the information security of the terminal that needs to apply for a certificate. To avoid this leakage, guarantee information security during the certificate application and ultimately guarantee the information security of the terminal, the application provides a certificate application method, apparatus and device. Specifically, before the terminal sends the certificate application request to the PCA, it first encrypts the certificate application request carrying the encryption public key with the public key of the PCA. This ensures that the terminal's encryption public key is not leaked during the certificate application or on the certificate authority side, which protects the certificate encrypted with that key and, ultimately, the information security of the terminal that communicates using the certificate.
Before introducing the specific technical solution, the application first briefly introduces the following concepts to aid understanding.
The root CA (also called RootCA or RCA) held by the certificate authority (CA) is the manager of all CAs and the center of the trust system. It issues subordinate CA certificates hierarchically. The root CA must be operated in an isolated, secure environment with its server kept offline, to protect it from attacks from the Internet.
The access verification system (Registration Authority; RA) verifies access certificates; a request is executed only when the access certificate is determined to be valid. The RA mainly handles anonymous certificate requests from terminal devices, provides device anonymous certificate download, performs the obfuscation of certificate applications, communicates with device terminals and obtains communication information, and requests anonymous certificates from the anonymous certificate issuing system (PCA).
The anonymous certificate issuing system (Pseudonym CA; PCA) issues short-term anonymous certificates to terminal devices, so that terminal devices can exchange information reliably using anonymous certificates.
In addition, before introducing the specific technical solution, the application also needs to introduce the system architecture to which the certificate application method applies. Fig. 1 is an architecture diagram of a certificate application system provided by an embodiment of the application, in which the certificate application system 100 comprises a terminal 101, an access verification system RA 102 and an anonymous certificate issuing system PCA 103.
The terminal 101 is configured to encrypt, with the public key of the PCA 103, the certificate application request carrying the encryption public key to obtain an encrypted certificate application request, and to send the encrypted certificate application request to the RA 102.
The terminal in the embodiments may be a terminal with anonymous secure communication requirements in any field, for example an Internet of Vehicles terminal in the LTE-V2X (Vehicle-To-Everything) Internet of Vehicles security field.
In practice, before applying for a certificate the terminal first generates a certificate application request, which may include the type of certificate applied for, the validity period, and so on. Specifically, the certificate type may indicate that the certificate to be applied for is an anonymous certificate, and the validity period is the validity period of the certificate.
In addition, to guarantee the information security of the certificate issued by the certificate authority, the certificate must be encrypted with the terminal's encryption public key. The terminal therefore carries the encryption public key in the certificate application request, so that the certificate authority can obtain it and use it to encrypt the certificate issued to the terminal. However, if the encryption public key travels in plaintext while the certificate application request is transmitted and is leaked, this may pose a security threat to the certificate later encrypted with it. The embodiments therefore need to guarantee the security of the encryption public key.
In one embodiment, the terminal uses the public key of the anonymous certificate issuing system (PCA) to encrypt the certificate application request carrying the encryption public key, obtaining an encrypted certificate application request. An encrypted certificate application request produced with the public key of the PCA can be decrypted only with the private key of the PCA, so the terminal's encryption public key carried in it is not leaked while the request is in transit, which guarantees the information security of the encryption public key.
In another embodiment, to further guarantee the information security of the encryption public key, before the certificate application request is encrypted, the terminal's encryption public key is first encrypted once with the public key of the PCA to obtain a public-key ciphertext. The certificate application request carrying the public-key ciphertext is then encrypted a second time to obtain the encrypted certificate application request. This second encryption pass further guarantees the information security of the encryption public key.
It is worth noting that the public key of the PCA is usually written into the terminal during production, so in the embodiments the terminal can encrypt directly with the PCA public key that has already been written.
In an optional embodiment, the terminal comprises a security chip and a security terminal: the security chip generates the terminal's encryption public key, and the security terminal generates the certificate application request. Taking an Internet of Vehicles terminal as an example, it comprises a security chip and a V2X security terminal. After the security chip generates the encryption public key, it can encrypt that key with the public key of the PCA to obtain the public-key ciphertext and output the public-key ciphertext to the V2X security terminal. The V2X security terminal then generates the certificate application request carrying the public-key ciphertext and encrypts the request again with the public key of the PCA, finally obtaining the encrypted certificate application request.
In practice, after obtaining the encrypted certificate application request, the terminal sends it to the RA, and the RA subsequently forwards it to the PCA to complete the certificate application. Usually, before sending the encrypted certificate application request to the RA, the terminal also signs it with its own signature private key and sends the signed encrypted certificate application request to the RA.
The RA 102 is configured to verify the encrypted certificate application request and then forward it to the PCA 103.
In practice, after receiving the signed encrypted certificate application request, the RA first verifies that the signature on the request is correct. If verification passes, the RA determines the terminal that corresponds to the encrypted certificate application request, then signs the request with its own private key and forwards it to the PCA. If verification fails, the RA can record the encrypted certificate application request that failed verification and return failure information to the terminal.
To further ensure information security and prevent the PCA side from learning the exact source of the encrypted certificate application requests forwarded by the RA, in the embodiments the RA, after receiving a preset number of encrypted certificate application requests, obfuscates the preset number of requests and then sends the obfuscated encrypted certificate application requests to the PCA.
In an optional embodiment, the obfuscation can be performed with a random shuffle function. For example, if the preset number is 100 and the RA has received 100 encrypted certificate application requests, it can shuffle the 100 requests randomly to obtain the obfuscated encrypted certificate application requests. It is worth noting that, to allow the corresponding de-obfuscation later, the RA must record the correspondence between the encrypted certificate application requests and the terminals before obfuscating.
Specifically, in one embodiment, after verifying the signature on an encrypted certificate application request, the RA can determine the terminal that corresponds to the request and record the correspondence between the request and that terminal. In another embodiment, the RA also receives the terminal's access certificate together with the encrypted certificate application request. After verifying the access certificate, the RA can determine the terminal that corresponds to it; that terminal is the one that sent the encrypted certificate application request, so the RA can record the correspondence between the request and the terminal.
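The RA-side batching and de-obfuscation described above, as an added Go sketch that is not part of the patent text: the per-request random tag, the type and function names and `pcaStub` are assumptions, since the page states only that the RA records the request-to-terminal correspondence before shuffling.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
)

// item is what crosses the RA-PCA link: an opaque ciphertext and a random tag.
// The tag is an assumption of this sketch; the page only says the RA records
// which request belongs to which terminal before obfuscating.
type item struct {
	Tag     string
	Payload []byte
}

// ra batches encrypted requests and keeps the tag-to-terminal table private.
type ra struct {
	batchSize int
	pending   []item
	owner     map[string]string // tag -> terminal ID, never sent to the PCA
}

func newRA(batchSize int) *ra {
	return &ra{batchSize: batchSize, owner: make(map[string]string)}
}

// submit queues one request. It returns nil until batchSize requests are
// waiting, then returns the whole batch in a uniformly random order.
func (r *ra) submit(terminalID string, env []byte) []item {
	tag := make([]byte, 16)
	if _, err := rand.Read(tag); err != nil {
		panic(err) // no safe fallback without randomness
	}
	it := item{Tag: hex.EncodeToString(tag), Payload: env}
	r.owner[it.Tag] = terminalID
	r.pending = append(r.pending, it)
	if len(r.pending) < r.batchSize {
		return nil // forwarding early would shrink the anonymity set
	}
	batch := r.pending
	r.pending = nil
	for i := len(batch) - 1; i > 0; i-- { // Fisher-Yates driven by the CSPRNG
		n, err := rand.Int(rand.Reader, big.NewInt(int64(i+1)))
		if err != nil {
			panic(err)
		}
		j := int(n.Int64())
		batch[i], batch[j] = batch[j], batch[i]
	}
	return batch
}

// route is the de-obfuscation step: map a PCA response back to its terminal.
// Each tag works once, so a replayed or invented response is rejected.
func (r *ra) route(resp item) (string, error) {
	id, ok := r.owner[resp.Tag]
	if !ok {
		return "", errors.New("unknown or already used tag")
	}
	delete(r.owner, resp.Tag)
	return id, nil
}

// deliver routes every response in a PCA reply and returns terminal ID -> payload.
func (r *ra) deliver(resps []item) (map[string][]byte, error) {
	out := make(map[string][]byte, len(resps))
	for _, resp := range resps {
		id, err := r.route(resp)
		if err != nil {
			return nil, err
		}
		out[id] = resp.Payload
	}
	return out, nil
}

// pcaStub stands in for the PCA: it answers each tag without knowing the source.
func pcaStub(batch []item) []item {
	out := make([]item, 0, len(batch))
	for _, it := range batch {
		out = append(out, item{Tag: it.Tag, Payload: append([]byte("cert:"), it.Payload...)})
	}
	return out
}

func main() {
	r := newRA(3)
	r.submit("terminal-A", []byte("ctA")) // constructed sample ciphertexts
	r.submit("terminal-B", []byte("ctB"))
	batch := r.submit("terminal-C", []byte("ctC"))
	got, err := r.deliver(pcaStub(batch))
	fmt.Printf("%q %v\n", got, err)
}
```

The shuffle hides the source only within one batch, so the preset number sets the size of the anonymity set the PCA sees.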
The PCA 103 is configured to decrypt the encrypted certificate application request to obtain the encrypted public key and, after using the encrypted public key to encrypt the anonymous credential generated for the terminal, to send the anonymous credential to the RA 102, which forwards the anonymous credential to the terminal 101.
In the embodiments of the present application, after receiving an encrypted certificate application request, the PCA decrypts it with its own private key and obtains the information carried in the request, which generally includes the encrypted public key, the type of certificate applied for, the validity period and so on. The PCA generates an anonymous credential for the terminal based on this information. The anonymous credential is trusted and is used to conceal the terminal's information.
In practice, to guarantee the information security of the anonymous credential, it needs to be encrypted while it is being issued to the corresponding terminal. In general, after obtaining the encrypted public key from the encrypted certificate application request, the PCA encrypts the anonymous credential with that encrypted public key, so that the corresponding terminal can decrypt it and finally obtain the anonymous credential.
Because the embodiments of the present application transmit the encrypted public key in ciphertext form, the information security of the encrypted public key is ensured during transmission. Therefore, when the PCA encrypts the generated anonymous credential with the encrypted public key, the security of the anonymous credential is ensured, and ultimately so is the information security of the terminal that communicates based on the anonymous credential.
In practice, the PCA sends the anonymous credential encrypted with the encrypted public key to the RA, and the RA forwards it to the corresponding terminal. This prevents the PCA side from learning which terminal an anonymous credential corresponds to, avoids leaking on the PCA side the terminal information corresponding to the anonymous credential, and guarantees the information security of the terminal.
In an optional embodiment, if the RA has performed obfuscation processing on the received encrypted certificate application requests, then correspondingly the RA needs to perform de-obfuscation processing when it receives anonymous credentials from the PCA. Specifically, on receiving any anonymous credential, the RA first determines the encrypted certificate application request corresponding to the anonymous credential, then determines the terminal corresponding to the anonymous credential according to the pre-recorded correspondence between encrypted certificate application requests and terminals, and finally forwards the anonymous credential to the corresponding terminal, completing the certificate application.
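The RA-side obfuscation and de-obfuscation described above can be sketched as follows. This is an added example, not code from the patent. It assumes that the RA keys its request-to-terminal record by the SHA-256 digest of each encrypted request and that the PCA returns that digest with each credential; the patent does not say how a returned credential is matched to its request. All names and sample ciphertexts are constructed.

```javascript
const crypto = require('crypto');

// Reference the RA keeps for each request: SHA-256 of the ciphertext (assumed scheme).
function requestRef(encryptedRequest) {
  return crypto.createHash('sha256').update(encryptedRequest).digest('hex');
}

// Fisher-Yates shuffle driven by the CSPRNG, so the output order is unpredictable.
function shuffle(items) {
  const a = items.slice();
  for (let i = a.length - 1; i > 0; i--) {
    const j = crypto.randomInt(i + 1);
    [a[i], a[j]] = [a[j], a[i]];
  }
  return a;
}

class RegistrationAuthority {
  constructor(batchSize) {
    this.batchSize = batchSize; // the "predetermined number" of requests
    this.pending = [];          // ciphertexts waiting for the batch to fill
    this.routes = new Map();    // requestRef -> terminal id, never sent to the PCA
  }

  // Call only after the signature or access certificate has identified the terminal.
  // Returns null while the batch is filling, then the shuffled batch for the PCA.
  submit(terminalId, encryptedRequest) {
    const ref = requestRef(encryptedRequest);
    if (this.routes.has(ref)) throw new Error('duplicate request');
    this.routes.set(ref, terminalId);
    this.pending.push(encryptedRequest);
    if (this.pending.length < this.batchSize) return null;
    const batch = shuffle(this.pending);
    this.pending = [];
    return batch; // ciphertexts only: no terminal ids, no arrival order
  }

  // De-obfuscation: map a returned credential to its terminal, exactly once.
  route(ref, encryptedCredential) {
    const terminalId = this.routes.get(ref);
    if (terminalId === undefined) throw new Error('no pending request for this credential');
    this.routes.delete(ref);
    return { terminalId, encryptedCredential };
  }
}

// Constructed stand-in for the PCA: it sees only ciphertexts and answers each one
// with a credential labelled by the request reference.
function pcaProcess(batch) {
  return batch.map((req) => {
    const ref = requestRef(req);
    return { ref, credential: 'credential for ' + ref.slice(0, 8) };
  });
}

// Constructed demo: three terminals and a batch size of three.
function demo() {
  const ra = new RegistrationAuthority(3);
  const requests = {
    'veh-A': Buffer.from('constructed ciphertext A'),
    'veh-B': Buffer.from('constructed ciphertext B'),
    'veh-C': Buffer.from('constructed ciphertext C'),
  };
  let batch = null;
  for (const [id, req] of Object.entries(requests)) batch = ra.submit(id, req);
  return pcaProcess(batch).map((r) => ra.route(r.ref, r.credential));
}
```

Deleting the record on delivery means a replayed or unknown credential is rejected rather than forwarded to a terminal.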
To further improve the information security of the anonymous credential, the certificate request system provided by the embodiments of the present application further includes a time management system. Referring to Fig. 2, on the basis of Fig. 1 the system may also include a time management system 201. The time management system 201 may be integrated on the CA side where the PCA and the RA are located, or may exist separately; the present application places no restriction on its specific form.
Specifically, the PCA 103 is further configured to send, after generating the anonymous credential for the terminal, a timeliness application request for the anonymous credential to the time management system 201.
The timeliness application request may carry the validity period parameter included in the terminal's encrypted certificate application request, and the time management system generates a timeliness authorization response for the terminal according to this parameter.
The time management system 201 is configured to return to the PCA, after receiving the timeliness application request for the anonymous credential sent by the PCA, a timeliness authorization response carrying its own public key.
The PCA 103 is further configured to send the anonymous credential to the terminal after encrypting the anonymous credential with the public key of the time management system 201.
The time management system 201 is further configured to send a private key to the terminal when the start time point of the timeliness period is reached, so that the terminal decrypts the anonymous credential with the private key.
In the embodiments of the present application, the PCA not only applies a first layer of encryption to the anonymous credential using the terminal's encrypted public key, but also applies a second layer of encryption to the anonymous credential using the public key of the time management system, finally obtaining a doubly encrypted anonymous credential.
Only when the start time point of the timeliness period corresponding to the anonymous credential is reached does the time management system send its own private key to the corresponding terminal, so that the terminal can use that private key to perform the first layer of decryption on the anonymous credential. Only then can the terminal perform the second layer of decryption on the anonymous credential using its own encrypted public key, finally obtaining the anonymous credential, which can be used for the terminal's subsequent secure communication.
Because the time management system sends the private key to the terminal only when the start time point of the timeliness period arrives, it controls the time at which the terminal actually obtains the anonymous credential, avoiding the information security risk of the terminal obtaining the anonymous credential too early.
Corresponding to the above certificate request system, the embodiments of the present application also provide a certificate request method. Referring to Fig. 3, a flowchart of a certificate request method provided by the embodiments of the present application, the method includes:
S301: The terminal uses the public key of the anonymous credential issuing system PCA to encrypt the certificate application request carrying the encrypted public key, obtaining an encrypted certificate application request.
S302: The terminal sends the encrypted certificate application request to the access verification system RA, and the request is sent to the PCA via the RA.
S303: The PCA decrypts the encrypted certificate application request to obtain the encrypted public key and, after using the encrypted public key to encrypt the anonymous credential generated for the terminal, sends the anonymous credential to the RA.
S304: The terminal receives the anonymous credential sent via the RA.
In the embodiments of the present application, the PCA authorizes a device by issuing a certificate containing authorization information to a legitimate device, so that the device can communicate securely based on the authorized certificate. Specifically, the certificate application request is initiated by the terminal and forwarded to the PCA after verification by the RA; the PCA issues the corresponding certificate for the device, and the certificate is finally sent to the terminal, completing the certificate application. In the certificate request method provided by the embodiments of the present application, before the terminal sends the certificate application request to the PCA, it first encrypts the certificate application request carrying the encrypted public key with the PCA's public key, to guarantee that the terminal's encrypted public key is not leaked during the certificate application or on the certification authority side. This in turn guarantees the information security of the certificate encrypted with the encrypted public key, and ultimately the information security of the terminal that communicates using the certificate.
In addition, in the certificate request method provided by the embodiments of the present application, the PCA not only applies a first layer of encryption to the anonymous credential using the terminal's encrypted public key, but can also apply a second layer of encryption to the anonymous credential using the public key of the time management system, finally obtaining a doubly encrypted anonymous credential. By sending the private key to the terminal only when the start time point of the timeliness period arrives, the time management system controls the time at which the terminal actually obtains the anonymous credential, avoiding the information security risk of the terminal obtaining the anonymous credential too early.
For an understanding of the method embodiment, refer to the description in the system embodiment above; details are not repeated here.
With continued social and economic development, the field of transportation faces a wide variety of challenges, such as safety, travel and the environment. Intelligent connected-vehicle V2X technology offers effective solutions to the various problems faced in smart transportation. LTE-V2X (Vehicle-To-Everything), that is, the communication system between vehicle and vehicle (V2V), vehicle and pedestrian (V2P), vehicle and infrastructure (V2I), vehicle and network (V2N) and so on, makes traffic smarter, improving road safety and the efficiency of travel. According to statistics, the application of V2X technology can effectively avoid about 81% of traffic accidents and improve road traffic efficiency by more than 30%. With the determination and introduction of national policies and standards, China's intelligent connected vehicles are expected to be industrialized step by step, and the market scale in 2020 is expected to reach 100 billion yuan.
As on-board terminal devices become standard equipment in many vehicles, real-time communication between vehicles and cloud servers and other mobile devices becomes possible. Vehicle information, including various data such as the vehicle's running state and geographic location, can be uploaded to the cloud or to other mobile devices through networking technology, and much of this data is important information involving public privacy and national security. Meanwhile, some on-board terminals can also receive instructions issued by the cloud, making remote control of vehicle behaviour possible. In this situation, if transmitted data is maliciously obtained or exploited, or a vehicle receives and executes an illegal instruction, events endangering personal safety are very likely to occur, and may even escalate into social safety and national security problems. It can be seen that information security is one of the urgent problems that must be considered and solved in the development of intelligent connected vehicles in China, where challenges and opportunities coexist.
To this end, the present application provides a certificate request method that can be applied to the field of LTE-V2X Internet of Vehicles information security. Specifically, while an Internet of Vehicles terminal applies to the PCA for a certificate, the certificate application request carrying the encrypted public key is transmitted in encrypted form, ensuring that the encrypted public key is not leaked, thereby guaranteeing the information security of the certificate encrypted with the encrypted public key and ultimately the information security of the Internet of Vehicles terminal that communicates based on the certificate.
Referring to Fig. 4, an information interaction diagram of a certificate request method applied to the Internet of Vehicles field provided by the embodiments of the present application, where the Internet of Vehicles terminal is also called a V2X device, the method includes:
S401: The security chip in the V2X device encrypts the pre-generated encrypted public key with the PCA's public key, obtaining a public key ciphertext.
S402: The security terminal in the V2X device generates a certificate application request carrying the public key ciphertext, and encrypts the certificate application request with the PCA's public key, obtaining an encrypted certificate application request.
The certificate application request may also include the type of certificate applied for, the validity period, the signature public key value, the signature value and so on.
S403: After signing the encrypted certificate application request, the V2X device sends it to the RA.
S404: The RA verifies the correctness of the signature of the encrypted certificate application request and, after verification passes, performs obfuscation processing on a predetermined number of encrypted certificate application requests, obtaining obfuscated encrypted certificate application requests.
It is worth noting that after the signature verification passes, the RA determines the V2X device corresponding to the encrypted certificate application request and records the correspondence between the encrypted certificate application request and the V2X device. In addition, while sending the encrypted certificate application request to the RA, the V2X device also sends its own access certificate to the RA, and the RA verifies the access certificate to determine that the V2X device has permission to apply for an anonymous credential. Furthermore, because the access certificate carries the identifier of the V2X device, the RA can also determine the V2X device corresponding to the encrypted certificate application request from the access certificate and record the correspondence between the encrypted certificate application request and the V2X device.
It is worth noting that the correspondence between encrypted certificate application requests and V2X devices recorded by the RA can be used for the subsequent de-obfuscation processing of anonymous credentials.
S405: After signing the obfuscated encrypted certificate application requests, the RA sends them to the PCA.
S406: The PCA verifies the correctness of the signature of the obfuscated encrypted certificate application requests and, after verification passes, decrypts the obfuscated encrypted certificate application requests with its own private key, obtaining the encrypted public key in each obfuscated encrypted certificate application request.
S407: The PCA generates an anonymous credential according to the information in the encrypted certificate application request and encrypts the anonymous credential with the corresponding encrypted public key.
S408: The PCA sends a timeliness application request for each anonymous credential to the time management system; the timeliness application request carries the validity period parameter from the certificate application request.
S409: The time management system returns to the PCA a timeliness authorization response carrying its own public key.
S410: The PCA applies a second layer of encryption to the anonymous credential using the public key of the time management system and, after signing the anonymous credential, sends it to the RA.
S411: The RA verifies the correctness of the signature of the anonymous credential and, after verification passes, performs de-obfuscation processing on the anonymous credential; after signing the de-obfuscated anonymous credential, the RA sends it to the corresponding V2X device according to the correspondence between encrypted certificate application requests and V2X devices recorded before obfuscation.
S412: The V2X device verifies the correctness of the signature of the anonymous credential.
S413: When the validity period is reached, the time management system issues a certificate carrying the private key to the V2X device, so that the V2X device decrypts the anonymous credential using the private key in that certificate.
In practice, when the validity period is reached the time management system issues a certificate to the V2X device. The certificate contains the private key for the first layer of decryption of the anonymous credential, and also contains a public key for signature verification and so on. After receiving the certificate issued by the time management system, the V2X device first verifies the anonymous credential using the signature-verification public key carried in the certificate, to determine that the anonymous credential was issued by the time management system, and then performs the first layer of decryption on the anonymous credential using the private key carried in the certificate.
Because the time management system issues the certificate carrying the private key to the V2X device only when the validity period is reached, only then can the V2X device decrypt the anonymous credential with the private key from the time management system. It can be understood that before the validity period is reached, the anonymous credential on the V2X device side is in ciphertext form, so the information security of the anonymous credential is guaranteed during this period.
S414: The V2X device performs the first layer of decryption on the anonymous credential using the private key of the time management system, then performs the second layer of decryption on the anonymous credential using its own encrypted public key, obtaining the anonymous credential.
After obtaining the decrypted anonymous credential, the V2X device can communicate securely based on the anonymous credential, guaranteeing communication security.
It is worth noting that the methods of signing and of verifying the correctness of signatures in the embodiments of the present application are common in the art and are not described here.
The certificate request method provided by the embodiments of the present application can ensure that the encrypted public key is not leaked, and thus guarantees the information security of the anonymous credential encrypted with the encrypted public key. During V2X device communication, an illegitimate user cannot determine, by decrypting anonymous credentials, which information belongs to the same V2X device, and cannot obtain the complete path information of the same vehicle and so on, avoiding information security problems in the Internet of Vehicles.
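The two encryption layers and the timed key release of steps S407 to S414 (also described for the time management system 201 above) can be sketched as follows. This is an added example, not code from the patent. Assumptions: the patent names no algorithm, so ECDH on P-256 with HKDF and AES-256-GCM is used for every layer; the time management system creates one key pair per credential; the request is sealed to the PCA once; signatures and the RA are left out; the terminal removes its layer with the private key that pairs with the encrypted public key it sent. All names and values are constructed.

```javascript
const crypto = require('crypto');

const newKeyPair = () => crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const exportPub = (pub) => pub.export({ type: 'spki', format: 'der' }).toString('base64');
const importPub = (b64) =>
  crypto.createPublicKey({ key: Buffer.from(b64, 'base64'), format: 'der', type: 'spki' });

// ECDH shared secret stretched into an AES-256 key.
function layerKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'credential-layer', 32));
}

// Encrypt a string to a public key (ephemeral ECDH + AES-256-GCM). Returns a JSON string.
function seal(recipientPub, plaintext) {
  const eph = newKeyPair();
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', layerKey(eph.privateKey, recipientPub), iv);
  const ct = Buffer.concat([c.update(Buffer.from(plaintext)), c.final()]);
  return JSON.stringify({
    epk: exportPub(eph.publicKey),
    iv: iv.toString('base64'),
    tag: c.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  });
}

// Decrypt with the matching private key; throws if the key is wrong or the data was altered.
function unseal(recipientPriv, sealed) {
  const m = JSON.parse(sealed);
  const key = layerKey(recipientPriv, importPub(m.epk));
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(m.iv, 'base64'));
  d.setAuthTag(Buffer.from(m.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(m.ct, 'base64')), d.final()]).toString();
}

// Time management system: public key at once, private key only from notBefore onwards.
class TimeManager {
  constructor() { this.grants = new Map(); }
  authorize(notBefore) { // timeliness authorization response (S409)
    const kp = newKeyPair();
    const grantId = crypto.randomBytes(8).toString('hex');
    this.grants.set(grantId, { notBefore, privateKey: kp.privateKey });
    return { grantId, publicKey: kp.publicKey };
  }
  releaseKey(grantId, now) { // S413
    const g = this.grants.get(grantId);
    if (!g) throw new Error('unknown grant');
    if (now < g.notBefore) throw new Error('validity period has not started');
    return g.privateKey;
  }
}

// PCA: decrypt the request, issue the credential, add both layers (S406 to S410).
function pcaIssue(pcaPriv, encryptedRequest, tms) {
  const req = JSON.parse(unseal(pcaPriv, encryptedRequest));
  const credential = JSON.stringify({ type: req.type, notBefore: req.notBefore });
  const inner = seal(importPub(req.encPub), credential); // layer for the terminal
  const grant = tms.authorize(req.notBefore);
  return { grantId: grant.grantId, outer: seal(grant.publicKey, inner) }; // time-locked layer
}

// Terminal: needs the released key before its own key is of any use (S414).
function terminalUnwrap(issued, tms, terminalPriv, now) {
  const inner = unseal(tms.releaseKey(issued.grantId, now), issued.outer);
  return JSON.parse(unseal(terminalPriv, inner));
}

function demo() {
  const pca = newKeyPair(), terminal = newKeyPair(), tms = new TimeManager();
  const notBefore = 1700000000; // constructed start of the validity period (Unix seconds)
  const request = seal(pca.publicKey, JSON.stringify({
    encPub: exportPub(terminal.publicKey), type: 'anonymous', notBefore }));
  const issued = pcaIssue(pca.privateKey, request, tms);
  let early;
  try {
    terminalUnwrap(issued, tms, terminal.privateKey, notBefore - 1);
    early = 'released';
  } catch (e) { early = e.message; }
  return { early, credential: terminalUnwrap(issued, tms, terminal.privateKey, notBefore) };
}
```

Using one time-management key pair per credential keeps a released private key from opening the outer layer of any other terminal's credential.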
Corresponding to the above embodiments, the embodiments of the present application also provide a certificate request device. Referring to Fig. 5, a structural schematic diagram of a certificate request device provided by the embodiments of the present application, the device is applied to a terminal, and the device 500 includes:
A first encrypting module 501, configured to encrypt, using the public key of the anonymous credential issuing system PCA, the certificate application request carrying the encrypted public key, to obtain an encrypted certificate application request; wherein the encrypted public key is generated by the terminal;
A first sending module 502, configured to send the encrypted certificate application request to the access verification system RA, and to the PCA via the RA, so that the PCA decrypts the encrypted certificate application request to obtain the encrypted public key and, after using the encrypted public key to encrypt the anonymous credential generated for the terminal, sends the anonymous credential to the RA;
A first receiving module 503, configured to receive the anonymous credential sent via the RA.
In addition, referring to Fig. 6, the embodiments of the present application also provide a structural schematic diagram of a certificate request device. The device is applied to the anonymous credential issuing system PCA, and the device 600 includes:
A second receiving module 601, configured to receive an encrypted certificate application request from a terminal forwarded via the access verification system RA; wherein the encrypted certificate application request carries the encrypted public key of the terminal and is obtained by encryption with the public key of the PCA;
A deciphering module 602, configured to decrypt the encrypted certificate application request to obtain the encrypted public key;
A second encrypting module 603, configured to send the anonymous credential to the RA after using the encrypted public key to encrypt the anonymous credential generated for the terminal, so that the RA forwards the anonymous credential to the terminal.
In addition, referring to Fig. 7, the embodiments of the present application also provide a structural schematic diagram of a certificate request device. The device is applied to the access verification system RA, and the device 700 includes:
An obfuscation module 701, configured to perform, after a predetermined number of encrypted certificate application requests have been received, obfuscation processing on the predetermined number of encrypted certificate application requests, and to send the obfuscated encrypted certificate application requests to the anonymous credential issuing system PCA;
A de-obfuscation module 702, configured to perform, after anonymous credentials have been received from the PCA, de-obfuscation processing on the anonymous credentials, and to send the de-obfuscated anonymous credentials to their respective corresponding terminals.
In addition, referring to Fig. 8, the embodiments of the present application also provide a structural schematic diagram of a certificate request device. The device is applied to a time management system, and the device 800 includes:
A third receiving module 801, configured to return to the PCA, after receiving a timeliness application request for an anonymous credential from the anonymous credential issuing system PCA, a timeliness authorization response carrying its own public key, so that the PCA sends the anonymous credential to the terminal after encrypting the anonymous credential with the public key of the time management system;
A second sending module 802, configured to send a private key to the terminal when the start time point of the timeliness period is reached, so that the terminal decrypts the anonymous credential with the private key.
In the certificate request device provided by the embodiments of the present application, before the certificate application request is sent to the PCA, the certificate application request carrying the encrypted public key is first encrypted with the PCA's public key, to guarantee that the terminal's encrypted public key is not leaked during the certificate application or on the certification authority side. This in turn guarantees the information security of the certificate encrypted with the encrypted public key, and ultimately the information security of the terminal that communicates using the certificate.
In addition, the embodiments of the present application also provide certificate request equipment which, as shown in Fig. 9, may include:
A processor 901, a memory 902, an input device 903 and an output device 904. The number of processors 901 in the certificate request equipment may be one or more; one processor is taken as an example in Fig. 9. In some embodiments of the present invention, the processor 901, the memory 902, the input device 903 and the output device 904 may be connected by a bus or in other ways; connection by a bus is taken as an example in Fig. 9.
The memory 902 can be used to store software programs and modules; the processor 901 runs the software programs and modules stored in the memory 902 to execute the various functional applications and data processing of the certificate request equipment. The memory 902 may mainly include a program storage area and a data storage area, where the program storage area can store the operating system, the application programs required by at least one function, and so on. In addition, the memory 902 may include high-speed random access memory, and may also include non-volatile memory, for example at least one disk storage device, a flash memory device or another volatile solid-state storage device. The input device 903 can be used to receive input numeric or character information and to generate signal input related to the user settings and function control of the certificate request equipment.
Specifically, in this embodiment, the processor 901 can, according to the following instructions, load the executable files corresponding to the processes of one or more application programs into the memory 902, and the processor 901 runs the application programs stored in the memory 902, thereby realizing the various functions in the above certificate request method.
In addition, the present application also provides a computer-readable storage medium in which instructions are stored; when the instructions are run on a terminal device, the terminal device is caused to execute the above certificate request method.
It can be understood that, since the device embodiments basically correspond to the method embodiments, the relevant parts may refer to the description of the method embodiments. The device embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
It should be noted that, in this document, relational terms such as first and second are used merely to distinguish one entity or operation from another entity or operation, without necessarily requiring or implying any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or equipment including a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such process, method, article or equipment. In the absence of further restrictions, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or equipment that includes the element.
A certificate request method, device and equipment provided by the embodiments of the present application have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present application, and the description of the above embodiments is only intended to help understand the method of the present application and its core idea. At the same time, for those of ordinary skill in the art, there will be changes in the specific implementation and scope of application according to the idea of the present application. In conclusion, the content of this specification should not be construed as limiting the present application.

Claims (10)

1. A certificate request method, characterized in that the method is applied to a terminal, the method comprising:
encrypting, using the public key of the anonymous credential issuing system PCA, the certificate application request carrying the encrypted public key, to obtain an encrypted certificate application request; wherein the encrypted public key is generated by the terminal;
sending the encrypted certificate application request to the access verification system RA, and to the PCA via the RA, so that the PCA decrypts the encrypted certificate application request to obtain the encrypted public key and, after using the encrypted public key to encrypt the anonymous credential generated for the terminal, sends the anonymous credential to the RA;
receiving the anonymous credential sent via the RA.
2. A certificate request method, characterized in that the method is applied to the anonymous credential issuing system PCA, the method comprising:
the PCA receiving an encrypted certificate application request from a terminal forwarded via the access verification system RA; wherein the encrypted certificate application request carries the encrypted public key generated by the terminal and is obtained by encryption with the public key of the PCA;
the PCA decrypting the encrypted certificate application request to obtain the encrypted public key and, after using the encrypted public key to encrypt the anonymous credential generated for the terminal, sending the anonymous credential to the RA, so that the RA forwards the anonymous credential to the terminal.
3. A certificate request method, characterized in that the method is applied to the access verification system RA, the method comprising:
the RA, after receiving a predetermined number of encrypted certificate application requests, performing obfuscation processing on the predetermined number of encrypted certificate application requests, and sending the obfuscated encrypted certificate application requests to the anonymous credential issuing system PCA;
the RA, after receiving anonymous credentials from the PCA, performing de-obfuscation processing on the anonymous credentials, and sending the de-obfuscated anonymous credentials to their respective corresponding terminals.
4. A certificate request method, characterized in that the method is applied to a time management system, the method comprising:
the time management system, after receiving a timeliness application request for an anonymous credential from the anonymous credential issuing system PCA, returning to the PCA a timeliness authorization response carrying its own public key, so that the PCA sends the anonymous credential to a terminal after encrypting the anonymous credential with the public key of the time management system;
the time management system sending a private key to the terminal when the start time point of the timeliness period is reached, so that the terminal decrypts the anonymous credential with the private key.
5. A certificate request system, characterized in that the system comprises a terminal, an access verification system RA and an anonymous credential issuing system PCA;
the terminal is configured to encrypt, using the public key of the PCA, the certificate application request carrying the encrypted public key, to obtain an encrypted certificate application request, and to send the encrypted certificate application request to the RA; wherein the encrypted public key is generated by the terminal;
the RA is configured to forward the encrypted certificate application request to the PCA after verifying the encrypted certificate application request;
the PCA is configured to decrypt the encrypted certificate application request to obtain the encrypted public key and, after using the encrypted public key to encrypt the anonymous credential generated for the terminal, to send the anonymous credential to the RA, which forwards the anonymous credential to the terminal.
6. A certificate request device, characterized in that the device is applied to a terminal, the device comprising:
a first encrypting module, configured to encrypt, using the public key of the anonymous credential issuing system PCA, the certificate application request carrying the encrypted public key, to obtain an encrypted certificate application request; wherein the encrypted public key is generated by the terminal;
a first sending module, configured to send the encrypted certificate application request to the access verification system RA, and to the PCA via the RA, so that the PCA decrypts the encrypted certificate application request to obtain the encrypted public key and, after using the encrypted public key to encrypt the anonymous credential generated for the terminal, sends the anonymous credential to the RA;
a first receiving module, configured to receive the anonymous credential sent via the RA.
7. A certificate request device, characterized in that the device is applied to an anonymous credential issuing system PCA, and the device comprises:
A second receiving module, for receiving an encrypted certificate application request from a terminal, forwarded via the access verifying system RA; wherein the encrypted certificate application request carries the encrypted public key generated by the terminal and is obtained by encryption with the public key of the PCA;
A deciphering module, for decrypting the encrypted certificate application request to obtain the encrypted public key;
A second encrypting module, for sending the anonymous credential to the RA after encrypting the anonymous credential generated for the terminal using the encrypted public key, so that the RA forwards the anonymous credential to the terminal.
8. A certificate request device, characterized in that the device is applied to an access verifying system RA, and the device comprises:
An obfuscation module, for performing obfuscation processing on a predetermined number of encrypted certificate application requests after receiving the predetermined number of encrypted certificate application requests, and sending the obfuscated encrypted certificate application requests to the anonymous credential issuing system PCA;
A de-obfuscation module, for performing de-obfuscation processing on the anonymous credentials after receiving the anonymous credentials from the PCA, and sending the de-obfuscated anonymous credentials to the corresponding terminals respectively.
9. A computer-readable storage medium, characterized in that instructions are stored in the computer-readable storage medium, and when the instructions are run on a terminal device, the terminal device is caused to execute the method according to any one of claims 1-4.
10. A certificate request equipment, characterized by comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the computer program, implements the method according to any one of claims 1-4.
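The RA behaviour in claim 8 (collect a predetermined number of encrypted requests, obscure their order before forwarding to the PCA, then route each returned credential to its terminal) can be sketched as below. This is an added example, not code from the patent: the claims do not say how the RA matches a returned credential to a terminal, so the random per-request `tag`, the class and function names, and the placeholder ciphertexts are all assumptions.

```python
import secrets

class RegistrationAuthority:
    """RA role from claim 8: batch requests, shuffle, forward, route replies."""

    def __init__(self, batch_size):
        self.batch_size = batch_size   # the claim's "predetermined number"
        self._pending = []             # (terminal_id, encrypted_request)
        self._routes = {}              # tag -> terminal_id; never sent to the PCA

    def submit(self, terminal_id, encrypted_request):
        """Queue a verified request; return the shuffled batch once full, else None."""
        self._pending.append((terminal_id, encrypted_request))
        if len(self._pending) < self.batch_size:
            return None
        batch = []
        for tid, request in self._pending:
            tag = secrets.token_hex(16)   # assumed random handle, carries no identity
            self._routes[tag] = tid
            batch.append((tag, request))
        self._pending = []
        secrets.SystemRandom().shuffle(batch)   # CSPRNG shuffle hides arrival order
        return batch

    def deliver(self, responses):
        """De-obfuscate: map (tag, encrypted_credential) pairs back to terminals."""
        routed = []
        for tag, credential in responses:
            tid = self._routes.pop(tag, None)   # single use: replayed/unknown tags drop
            if tid is not None:
                routed.append((tid, credential))
        return routed


def mock_pca(batch):
    """Stand-in PCA: sees only tags and ciphertext, returns one reply per request."""
    return [(tag, b"ENC-CRED(" + request + b")") for tag, request in batch]


def run_demo():
    ra = RegistrationAuthority(batch_size=3)
    # Constructed placeholders for requests encrypted under the PCA public key.
    requests = [("terminal-A", b"req-1"), ("terminal-B", b"req-2"), ("terminal-C", b"req-3")]
    batch = None
    for tid, blob in requests:
        batch = ra.submit(tid, blob)    # None until the third request arrives
    replies = mock_pca(batch)
    return batch, ra.deliver(replies), ra.deliver(replies)   # second call is a replay
```

The RA holds terminal identities but only opaque ciphertext, while the PCA holds decrypted request contents but only random tags in shuffled order, which is the separation of knowledge the claims rely on.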
CN201910575537.3A 2019-06-28 2019-06-28 Certificate application method, device and equipment Active CN110365486B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910575537.3A CN110365486B (en) 2019-06-28 2019-06-28 Certificate application method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910575537.3A CN110365486B (en) 2019-06-28 2019-06-28 Certificate application method, device and equipment

Publications (2)

Publication Number Publication Date
CN110365486A true CN110365486A (en) 2019-10-22
CN110365486B CN110365486B (en) 2022-08-16

Family

ID=68215936

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910575537.3A Active CN110365486B (en) 2019-06-28 2019-06-28 Certificate application method, device and equipment

Country Status (1)

Country Link
CN (1) CN110365486B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110995412A (en) * 2019-12-02 2020-04-10 西安邮电大学 Certificateless ring signcryption method based on multiplicative group
CN111130777A (en) * 2019-12-31 2020-05-08 北京数字认证股份有限公司 Issuing management method and system for short-lived certificate
CN113015159A (en) * 2019-12-03 2021-06-22 中国移动通信有限公司研究院 Initial security configuration method, security module and terminal
CN113225733A (en) * 2020-01-19 2021-08-06 中国移动通信有限公司研究院 User identification module, certificate acquisition method, device and storage medium
CN113765667A (en) * 2020-06-02 2021-12-07 大唐移动通信设备有限公司 Anonymous certificate application method, device authentication method, device, apparatus and medium
CN114900302A (en) * 2022-07-12 2022-08-12 杭州天谷信息科技有限公司 Anonymous certificate issuing method
WO2023010871A1 (en) * 2021-08-05 2023-02-09 中兴通讯股份有限公司 Vehicle-infrastructure cooperation-based certificate application method and apparatus, computer device, and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1784643A (en) * 2003-06-04 2006-06-07 国际商业机器公司 Method and system for controlling the disclosure time of information
CN1801029A (en) * 2004-12-31 2006-07-12 联想(北京)有限公司 Method for generating digital certificate and applying the generated digital certificate
CN104904156A (en) * 2013-01-08 2015-09-09 三菱电机株式会社 Authentication processing device, authentication processing system, authentication processing method and authentication processing program
CN106533692A (en) * 2016-11-01 2017-03-22 济南浪潮高新科技投资发展有限公司 Digital certificate application method based on TPM
US20190123915A1 (en) * 2017-10-22 2019-04-25 Marcos A. Simplicio, JR. Cryptographic methods and systems for managing digital certificates

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110995412A (en) * 2019-12-02 2020-04-10 西安邮电大学 Certificateless ring signcryption method based on multiplicative group
CN110995412B (en) * 2019-12-02 2020-11-10 西安邮电大学 Certificateless ring signcryption method based on multiplicative group
CN113015159A (en) * 2019-12-03 2021-06-22 中国移动通信有限公司研究院 Initial security configuration method, security module and terminal
CN111130777A (en) * 2019-12-31 2020-05-08 北京数字认证股份有限公司 Issuing management method and system for short-lived certificate
CN111130777B (en) * 2019-12-31 2022-09-30 北京数字认证股份有限公司 Issuing management method and system for short-lived certificate
CN113225733A (en) * 2020-01-19 2021-08-06 中国移动通信有限公司研究院 User identification module, certificate acquisition method, device and storage medium
CN113225733B (en) * 2020-01-19 2023-01-13 中国移动通信有限公司研究院 User identification module, certificate acquisition method, device and storage medium
CN113765667A (en) * 2020-06-02 2021-12-07 大唐移动通信设备有限公司 Anonymous certificate application method, device authentication method, device, apparatus and medium
WO2023010871A1 (en) * 2021-08-05 2023-02-09 中兴通讯股份有限公司 Vehicle-infrastructure cooperation-based certificate application method and apparatus, computer device, and medium
CN114900302A (en) * 2022-07-12 2022-08-12 杭州天谷信息科技有限公司 Anonymous certificate issuing method
CN114900302B (en) * 2022-07-12 2022-11-25 杭州天谷信息科技有限公司 Anonymous certificate issuing method

Also Published As

Publication number Publication date
CN110365486B (en) 2022-08-16

Similar Documents

Publication Publication Date Title
CN110365486A (en) A kind of certificate request method, device and equipment
CN111049660B (en) Certificate distribution method, system, device and equipment, and storage medium
US10567370B2 (en) Certificate authority
CN110460439A (en) Information transferring method, device, client, server-side and storage medium
KR101837338B1 (en) Cloud-Assisted Conditional Privacy Preserving Authentication Method for VANET and System Therefor
CN105577613B (en) A kind of method of sending and receiving of key information, equipment and system
CN110061846A (en) Identity authentication method and relevant device are carried out to user node in block chain
CN112671798A (en) Service request method, device and system in Internet of vehicles
CN103856477A (en) Trusted computing system, corresponding attestation method and corresponding devices
CN102594558A (en) Anonymous digital certificate system and verification method of trustable computing environment
CN112528250A (en) System and method for realizing data privacy and digital identity through block chain
CN110267270A (en) A kind of substation's inner sensor terminal access Border Gateway authentication intelligence contract
KR100947119B1 (en) Verification method, method and terminal for certificate management
KR101631635B1 (en) Method, device, and system for identity authentication
CN109981287A (en) A kind of code signature method and its storage medium
CN103974255A (en) System and method for vehicle access
CN110932850A (en) Communication encryption method and system
CN109495441A (en) Access authentication method, device, relevant device and computer readable storage medium
Berlato et al. Smart card-based identity management protocols for V2V and V2I communications in CCAM: A systematic literature review
CN114091009A (en) Method for establishing secure link by using distributed identity
Kleberger et al. Protecting vehicles against unauthorised diagnostics sessions using trusted third parties
Pirker et al. Trust-provisioning infrastructure for a global and secured UAV authentication system
Lee et al. FIT: Design and implementation of fast ID tracking system on chip for vehicular ad-hoc networks
Akhlaq et al. Empowered certification authority in vanets
CN104580195B (en) A kind of permission publication acquisition control method based on software digital Credential-Security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant