CN110365486B - Certificate application method, device and equipment - Google Patents
Certificate application method, device and equipment Download PDFInfo
- Publication number
- CN110365486B CN110365486B CN201910575537.3A CN201910575537A CN110365486B CN 110365486 B CN110365486 B CN 110365486B CN 201910575537 A CN201910575537 A CN 201910575537A CN 110365486 B CN110365486 B CN 110365486B
- Authority
- CN
- China
- Prior art keywords
- certificate
- encrypted
- anonymous
- public key
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a certificate application method, a device and equipment.A terminal encrypts a certificate application request carrying an encrypted public key by using a public key of a PCA (anonymous certificate authority) of an anonymous certificate authority system to obtain an encrypted certificate application request; encrypting a public key generated by the terminal; sending the encrypted certificate application request to an access verification system (RA), and sending the encrypted certificate application request to the PCA through the RA, so that the PCA can decrypt the encrypted certificate application request to obtain the encrypted public key, and after encrypting an anonymous certificate generated for the terminal by using the encrypted public key, sending the anonymous certificate to the RA; receiving the anonymous credential sent via the RA. The method and the device can ensure that the encryption public key of the terminal at one side of the certificate authority is not revealed in the process of applying the certificate, further ensure the information security of the certificate encrypted by using the encryption public key, and finally ensure the information security of the terminal using the certificate for communication.
Description
Technical Field
The present application relates to the field of data processing, and in particular, to a certificate application method, apparatus, and device.
Background
In the field of information security, before each terminal communicates information, it is necessary to apply for a Certificate to an Authority responsible for issuing and managing digital certificates, i.e., a Certificate Authority (CA).
However, compared with the implicit certificate, the displayed certificate has the defect that the public key information is explicit and invariable in the certificate application process, once the public key information is leaked, the related information of the corresponding terminal is also leaked, and the information security of the terminal is seriously threatened.
Therefore, how to guarantee the information security in the process of applying for the explicit certificate is a problem which needs to be solved urgently at present.
Disclosure of Invention
In view of this, the present application provides a method, an apparatus, and a device for applying a certificate, which can ensure information security in a certificate application process as much as possible.
In a first aspect, to achieve the above object, the present application provides a certificate application method, where the certificate application method is applied to a terminal, and the method includes:
encrypting the certificate application request carrying the encrypted public key by using the public key of the anonymous certificate issuing system PCA to obtain an encrypted certificate application request; wherein, the encryption public key is generated by the terminal;
sending the encrypted certificate application request to an access authentication system (RA) and sending the encrypted certificate application request to the PCA through the RA, so that the PCA can decrypt the encrypted certificate application request to obtain the encrypted public key, and after encrypting an anonymous certificate generated for the terminal by using the encrypted public key, sending the anonymous certificate to the RA;
receiving the anonymous credential sent via the RA.
In an optional embodiment, before the encrypting the certificate application request carrying the encrypted public key by using the public key of the anonymous certificate issuing system PCA to obtain the encrypted certificate application request, the method further includes:
encrypting the encrypted public key generated by the terminal by using the public key of the PCA to obtain a public key ciphertext;
correspondingly, the public key of the anonymous certificate issuing system PCA is used for encrypting the certificate application request carrying the encrypted public key to obtain an encrypted certificate application request, which specifically comprises the following steps:
and encrypting the certificate application request carrying the public key ciphertext by using the public key of the PCA to obtain an encrypted certificate application request.
In a second aspect, the present application further provides a certificate application method, which is applied to an anonymous certificate issuing system PCA, and the method includes:
the PCA receives an encryption certificate application request from a terminal forwarded by an admission verification system RA; the encryption certificate application request carries an encryption public key generated by the terminal and is obtained by encrypting by using the public key of the PCA;
and after decrypting the encrypted certificate application request by the PCA, obtaining the encrypted public key, encrypting an anonymous certificate generated for the terminal by using the encrypted public key, and then sending the anonymous certificate to the RA, so that the RA forwards the anonymous certificate to the terminal.
In an optional embodiment, after generating the anonymous certificate for the terminal, the method further includes:
after the PCA sends an aging application request of the anonymous certificate to a time management system, receiving an aging authorization response of the anonymous certificate from the time management system;
accordingly, prior to sending the anonymous credential to the RA, further comprising:
and after encrypting the anonymous certificate by the PCA by using the public key of the time management system, continuing to execute the step of sending the anonymous certificate to the RA and forwarding the anonymous certificate to the terminal by the RA, so that the terminal decrypts the anonymous certificate by using the private key after receiving the private key sent by the time management system when the time management system reaches the initial time point of the time validity period.
In a third aspect, the present application further provides a certificate application method, where the certificate application method is applied to an admission verification system RA, and the method includes:
after receiving a preset number of encrypted certificate application requests, the RA performs obfuscation processing on the preset number of encrypted certificate application requests, and sends the obfuscated encrypted certificate application requests to a PCA (anonymous certificate authority);
and after receiving the anonymous certificate from the PCA, the RA performs confusion resolution on the anonymous certificate and respectively sends the confusion-resolved anonymous certificate to the corresponding terminal.
In a fourth aspect, the present application further provides a certificate application method, where the certificate application method is applied to a time management system, and the method includes:
the time management system receives an aging application request of an anonymous certificate from an anonymous certificate issuing system (PCA), and then returns an aging authorization response carrying a public key of the time management system to the PCA, so that the PCA encrypts the anonymous certificate by using the public key of the time management system and then sends the anonymous certificate to a terminal;
and the time management system sends a private key to the terminal when the starting time point of the time validity is reached, so that the terminal can decrypt the anonymous certificate by using the private key.
In a fifth aspect, the present application further provides a certificate application system, where the system includes a terminal, an admission verification system RA, and an anonymous certificate authority system PCA;
the terminal is used for encrypting the certificate application request carrying the encrypted public key by using the public key of the PCA to obtain an encrypted certificate application request and sending the encrypted certificate application request to the RA; the encryption public key is generated by the terminal;
the RA is used for forwarding the encryption certificate application request to the PCA after verifying the encryption certificate application request;
and the PCA is used for decrypting the encrypted certificate application request to obtain the encrypted public key, encrypting the anonymous certificate generated for the terminal by using the encrypted public key, then sending the anonymous certificate to the RA, and forwarding the anonymous certificate to the terminal by the RA.
In an alternative embodiment, the system further comprises a time management system;
the time management system is used for returning an aging authorization response carrying a public key of the time management system to the PCA after receiving an aging application request of the anonymous certificate sent by the PCA; and sending a private key to the terminal when the starting time point of the time-validity period is reached, so that the terminal can decrypt the anonymous certificate by using the private key;
correspondingly, the PCA is further configured to encrypt the anonymous certificate with the public key of the time management system, and then send the anonymous certificate to the terminal.
In an optional implementation manner, the RA is further configured to perform obfuscation processing on a preset number of encrypted certificate application requests after receiving the preset number of encrypted certificate application requests, and send the obfuscated encrypted certificate application requests to an anonymous certificate issuing system PCA; and after receiving the anonymous certificate from the PCA, performing confusion resolution on the anonymous certificate, and respectively sending the confusion-resolved anonymous certificate to corresponding terminals.
In a sixth aspect, the present application further provides a certificate application apparatus, where the apparatus is applied to a terminal, and the apparatus includes:
the first encryption module is used for encrypting the certificate application request carrying the encrypted public key by utilizing the public key of the anonymous certificate issuing system PCA to obtain an encrypted certificate application request; wherein, the encryption public key is generated by the terminal;
the first sending module is used for sending the encrypted certificate application request to an access authentication system (RA) and sending the encrypted certificate application request to the PCA through the RA, so that the PCA can decrypt the encrypted certificate application request to obtain the encrypted public key, and after an anonymous certificate generated for the terminal is encrypted by using the encrypted public key, the anonymous certificate is sent to the RA;
a first receiving module to receive the anonymous credential sent via the RA.
In a seventh aspect, the present application further provides a certificate application apparatus, which is applied to an anonymous certificate issuing system PCA, and the apparatus includes:
a second receiving module, configured to receive an encrypted certificate application request from a terminal, which is forwarded by an admission verification system RA; the encryption certificate application request carries an encryption public key generated by the terminal and is obtained by encrypting by using the public key of the PCA;
the decryption module is used for decrypting the encrypted certificate application request to obtain the encrypted public key;
and the second encryption module is used for sending the anonymous certificate to the RA after the anonymous certificate generated for the terminal is encrypted by using the encrypted public key, so that the RA forwards the anonymous certificate to the terminal.
In an eighth aspect, the present application further provides a certificate application apparatus, which is applied to an admission verification system RA, and includes:
the confusion module is used for performing confusion processing on the encryption certificate application requests with the preset number after receiving the encryption certificate application requests with the preset number, and sending the confused encryption certificate application requests to the anonymous certificate issuing system PCA;
and the confusion resolution module is used for receiving the anonymous certificate from the PCA, performing confusion resolution processing on the anonymous certificate, and respectively sending the anonymous certificate after confusion resolution to the corresponding terminals.
In a ninth aspect, the present application further provides a certificate application apparatus, which is applied to a time management system, and includes:
the third receiving module is used for returning an aging authorization response carrying a self public key to the PCA after receiving an aging application request of the anonymous certificate from the anonymous certificate issuing system PCA, so that the anonymous certificate is sent to a terminal after the anonymous certificate is encrypted by the PCA by using the public key of the time management system;
and the second sending module is used for sending a private key to the terminal when the starting time point of the time-validity period is reached, so that the terminal can decrypt the anonymous certificate by using the private key.
In a tenth aspect, the present application also provides a computer-readable storage medium having stored therein instructions that, when run on a terminal device, cause the terminal device to perform the method according to any one of the preceding claims.
In an eleventh aspect, the present application further provides a certificate application apparatus, including: a memory, a processor, and a computer program stored on the memory and executable on the processor, when executing the computer program, implementing the method as in any one of the above.
In the certificate application method provided by the application, before the terminal sends the certificate application request to the PCA, the public key of the PCA is firstly used for encrypting the certificate application request carrying the encrypted public key so as to ensure that the encrypted public key of the terminal is not leaked in the process of applying the certificate and at one side of a certificate authority, further ensure the information security of the certificate encrypted by using the encrypted public key, and finally ensure the information security of the terminal using the certificate for communication.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings required to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is an architecture diagram of a certificate application system according to an embodiment of the present application;
FIG. 2 is a block diagram of another certificate application system according to an embodiment of the present application;
fig. 3 is a flowchart of a certificate application method according to an embodiment of the present application;
fig. 4 is an information interaction diagram of a certificate application method applied to the field of internet of vehicles according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a certificate application apparatus according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of another certificate application apparatus according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of another certificate application apparatus according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of another certificate application apparatus according to an embodiment of the present application;
fig. 9 is a structural diagram of a certificate application apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
In the field of information security, the problem of information leakage exists in the process of applying for the certificate at present, and the information security of a terminal needing to apply for the certificate is threatened. In order to avoid the problem of information leakage in the certificate application process, ensure the information security in the certificate application process and finally ensure the information security of a terminal, the application provides a certificate application method, a certificate application device and equipment. Specifically, before the terminal sends the certificate application request to the PCA, the public key of the PCA is first used to encrypt the certificate application request carrying the encrypted public key, so as to ensure that the encrypted public key of the terminal is not leaked during the certificate application process and at the side of the certificate authority, thereby ensuring the information security of the certificate encrypted by using the encrypted public key, and finally ensuring the information security of the terminal using the certificate for communication.
Before describing specific technical solutions, the present application first briefly introduces the following concepts to facilitate understanding of the technical solutions.
A root CA (also called RootCA or RCA) at a Certificate Authority (CA) end is a manager of all CAs and is also a center of a trusted system, and issues subordinate CA certificates in a layered manner, wherein both the operation and the running of the root CA require an isolated secure environment and determine that a server thereof is in an offline state to prevent the root CA from being attacked by the internet.
The admission verification system (RA) is used for verifying an admission certificate, is executed only when a request for determining that the admission certificate is valid is determined, and is mainly used for processing an anonymous certificate request from terminal equipment, providing equipment anonymous certificate downloading, performing confusion calculation on the certificate request, communicating with the equipment terminal, acquiring communication information, requesting the anonymous certificate from an anonymous certificate issuing system (PCA), and the like.
The anonymous certificate issuing system (pseudoymCA; PCA) is used for issuing a short-time anonymous certificate for the terminal equipment so as to facilitate the interaction of trusted information between the terminal equipment through the anonymous certificate.
In addition, before introducing a specific technical solution, a system architecture applied to the certificate application method provided by the present application needs to be introduced, and referring to fig. 1, an architecture diagram of a certificate application system provided by an embodiment of the present application is provided, where the certificate application system 100 includes a terminal 101, an admission verification system RA102, and an anonymous certificate issuance system PCA 103.
The terminal 101 is configured to encrypt a certificate application request carrying an encrypted public key by using the public key of the PCA103 to obtain an encrypted certificate application request, and send the encrypted certificate application request to the RA 102.
The terminal in the embodiment of the application may be a terminal with anonymous secure communication requirements in various fields, for example, may be a Vehicle networking terminal in the LTE-V2X (Vehicle-To-event) Vehicle networking security field, and the like.
In practical application, before applying for a certificate, a terminal first generates a certificate application request, where the certificate application request may include a type of application certificate, a validity period, and the like. Specifically, the type of the certificate application may indicate that the certificate to be applied is an anonymous certificate, and the validity period refers to the validity period of the certificate.
In addition, in order to secure information of a certificate issued by a certificate authority, the certificate needs to be encrypted by using an encryption public key of the terminal. Therefore, the terminal needs to carry the encrypted public key in the certificate application request, so that the certificate authority can obtain the encrypted public key and encrypt the certificate issued to the terminal by using the encrypted public key. However, if the encrypted public key in the form of plaintext is leaked in the process of requesting transmission of the certificate application, security threats may be brought to the certificate subsequently encrypted by using the encrypted public key, and therefore, the security of the encrypted public key needs to be ensured in the embodiment of the present application.
In one embodiment, the terminal encrypts the certificate application request carrying the encrypted public key by using the public key of the anonymous certificate issuing system PCA to obtain the encrypted certificate application request. Because the encrypted certificate application request obtained by encrypting the public key of the PCA can only be decrypted by the private key of the PCA, the carried encrypted public key of the terminal cannot be leaked in the process of transmitting the encrypted certificate application request, and the information security of the encrypted public key is ensured.
In another embodiment, in order to further ensure the information security of the encrypted public key, in the embodiment of the present application, before encrypting the certificate application request, the public key of the PCA is first used to encrypt the encrypted public key of the terminal to obtain a public key ciphertext, and then the certificate application request carrying the public key ciphertext is secondarily encrypted to obtain an encrypted certificate application request. According to the embodiment of the application, the information security of the encrypted public key can be further ensured through a secondary encryption processing mode.
It should be noted that, generally, the terminal completes writing the public key of the PCA during the production process, and therefore, in the embodiment of the present application, the terminal may directly perform encryption by using the public key of the PCA that has completed writing.
In an optional implementation manner, the terminal includes a secure chip and a secure terminal, specifically, the secure chip is used to generate an encrypted public key of the terminal, and the secure terminal is used to generate the certificate application request. Use the car networking terminal as an example, the car networking terminal includes security chip and V2X security terminal, after the security chip at car networking terminal generated the encryption public key, can utilize the public key of PCA to encrypt this encryption public key and obtain the public key ciphertext, and derive the public key ciphertext to the V2X security terminal at car networking terminal, then generate the certificate application request that carries the public key ciphertext by V2X security terminal, and utilize the public key of PCA to encrypt this certificate application request again, finally obtain the encryption certificate application request.
In practical application, after obtaining the encrypted certificate application request, the terminal sends the encrypted certificate application request to the RA, and then the RA forwards the encrypted certificate application request to the PCA, so as to complete the certificate application. Generally, before sending the encrypted certificate application request to the RA, the terminal further needs to sign the encrypted certificate application request by using its own private signature key, and send the signed encrypted certificate application request to the RA.
RA102, configured to forward the encrypted certificate application request to PCA103 after verifying the encrypted certificate application request.
In practical application, after receiving the signed encryption certificate application request, RA first needs to verify the correctness of the signature of the encryption certificate application request, and if the verification is passed, determines the terminal corresponding to the encryption certificate application request. Then, the RA re-utilizes the private key of the RA to sign the request for applying the encrypted certificate and forwards the request to the PCA; if the authentication is not passed, the request for applying the encryption certificate which is not passed the authentication can be recorded, and meanwhile, the information of failure is returned to the terminal.
In order to further ensure information security and avoid knowing the accurate source of the encryption certificate application request forwarded by the RA on the PCA side, in the embodiment of the present application, after receiving a preset number of encryption certificate application requests, the RA performs obfuscation processing on the preset number of encryption certificate application requests, and then sends the obfuscated encryption certificate application requests to the PCA.
In an alternative embodiment, the obfuscation process may be performed using a random obfuscation function. For example, assuming that RA receives 100 encrypted certificate application requests of a preset number, a random scrambling function may be used to randomly scramble the 100 encrypted certificate application requests to obtain a scrambled encrypted certificate application request. It should be noted that, in order to facilitate subsequent corresponding de-obfuscation processing, in this embodiment of the present application, RA needs to record in advance a correspondence between an encrypted certificate application request and a terminal before performing obfuscation processing.
Specifically, in an embodiment, after verifying the signature of the encrypted certificate application request, the RA may determine the terminal corresponding to the encrypted certificate application request, and record the correspondence between the encrypted certificate application request and the terminal. In another embodiment, the RA receives the access certificate of the terminal while receiving the encryption certificate application request, and after verifying the access certificate, the RA can determine the terminal corresponding to the access certificate, which can be understood as the terminal that sent the encryption certificate application request, so that the RA can record the correspondence between the encryption certificate application request and the terminal.
The PCA103 is configured to decrypt the encrypted certificate application request to obtain the encrypted public key, encrypt the anonymous certificate generated for the terminal by using the encrypted public key, send the anonymous certificate to the RA102, and forward the anonymous certificate to the terminal 101 by the RA 102.
In the embodiment of the application, after receiving the request for applying the encrypted certificate, the PCA decrypts the request by using its own private key to obtain information carried in the request for applying the encrypted certificate, which generally includes an encrypted public key, a type of the applied certificate, a validity period, and the like. And the PCA generates an anonymous certificate for the terminal based on the information carried in the encrypted certificate application request. Wherein the anonymous certificate is trusted and is used for hiding the information of the terminal.
In practical application, in order to ensure the information security of the anonymous certificate, the anonymous certificate needs to be encrypted in the process of being issued to a corresponding terminal. Generally, after obtaining an encryption public key from an encryption certificate application request, the PCA encrypts the anonymous certificate by using the encryption public key so that a corresponding terminal can decrypt the anonymous certificate, and finally obtains the anonymous certificate.
Since the embodiment of the application is transmitted based on the ciphertext of the encrypted public key, the information security of the encrypted public key is ensured in the transmission process, and therefore, the PCA encrypts the generated anonymous certificate by using the encrypted public key, so that the security of the anonymous certificate can be ensured, and finally, the information security of the terminal which performs communication based on the anonymous certificate is ensured.
In practical application, the PCA sends the anonymous certificate encrypted by the encrypted public key to the RA, and the RA forwards the anonymous certificate to the corresponding terminal, so that the terminal corresponding to the anonymous certificate can be prevented from being known at one side of the PCA, the terminal information corresponding to the anonymous certificate is prevented from being leaked at one side of the PCA, and the information safety of the terminal is ensured.
In an alternative embodiment, if the RA performs obfuscation on the received request for encrypted certificate application, the RA may perform de-obfuscation when receiving the anonymous certificate from the PCA. Specifically, when receiving any anonymous certificate, RA first determines an encrypted certificate application request corresponding to the anonymous certificate, then determines a terminal corresponding to the anonymous certificate according to a correspondence between pre-recorded encrypted certificate application requests and terminals, and finally forwards the anonymous certificate to the corresponding terminal to complete application of the certificate.
In order to further improve the information security of the anonymous certificate, the certificate application system provided in the embodiment of the present application further includes a time management system, referring to fig. 2, and on the basis of fig. 1, the certificate application system may further include a time management system 201, where the time management system 201 may be integrated on a CA side where the PCA and the RA are located, or may exist separately, and the specific existence form is not limited in the present application.
Specifically, the PCA103 is further configured to send an aging application request of the anonymous certificate to the time management system 201 after generating the anonymous certificate for the terminal.
The time management system generates a time authorization response for the terminal according to the parameter.
The time management system 201 is configured to return an aging authorization response carrying a public key of the time management system to the PCA after receiving an aging application request of the anonymous certificate sent by the PCA.
The PCA103 is further configured to encrypt the anonymous certificate with the public key of the time management system 201, and then send the anonymous certificate to the terminal.
The time management system 201 is further configured to send a private key to the terminal when the starting time point of the expiration date is reached, so that the terminal decrypts the anonymous certificate by using the private key.
In the embodiment of the application, the PCA not only utilizes the encryption public key of the terminal to perform the first re-encryption on the anonymous certificate, but also utilizes the public key of the time management system to perform the second re-encryption on the anonymous certificate, and finally the doubly encrypted anonymous certificate is obtained.
The time management system sends the private key of the time management system to the corresponding terminal only when the time management system reaches the initial time point of the time period corresponding to the anonymous certificate, so that the terminal can use the private key to perform first re-decryption on the anonymous certificate, and then can use the encrypted public key of the terminal to perform second re-decryption on the anonymous certificate, and finally the anonymous certificate is obtained and can be used for subsequent terminal secure communication.
The time management system controls the time that the terminal really obtains the anonymous certificate by sending the private key to the terminal when the initial time point of the aging period is reached, so that the information security risk caused by the fact that the anonymous certificate is obtained by the terminal too early is avoided.
Corresponding to the certificate application system, an embodiment of the present application further provides a certificate application method, and referring to fig. 3, a flowchart of the certificate application method provided in the embodiment of the present application is provided, where the method includes:
s301: and the terminal encrypts the certificate application request carrying the encrypted public key by using the public key of the anonymous certificate issuing system PCA to obtain the encrypted certificate application request.
S302: and the terminal sends the encryption certificate application request to an access verification system RA and sends the encryption certificate application request to the PCA through the RA.
S303: and the PCA decrypts the encrypted certificate application request to obtain the encrypted public key, encrypts an anonymous certificate generated for the terminal by using the encrypted public key, and then sends the anonymous certificate to the RA.
S304: the terminal receives the anonymous certificate sent via the RA.
In the embodiment of the application, the PCA authorizes the equipment by issuing the certificate containing the authorization information to the legal equipment, so that the equipment can perform secure communication based on the authorized certificate. Specifically, a terminal initiates a certificate application request, the certificate application request is forwarded to the PCA after being verified by the RA, the PCA issues a corresponding certificate to the device, and finally the certificate is sent to the terminal to complete the certificate application. In the certificate application method provided in the embodiment of the present application, before the terminal sends the certificate application request to the PCA, the public key of the PCA is first used to encrypt the certificate application request carrying the encrypted public key, so as to ensure that the encrypted public key of the terminal is not leaked during the process of applying the certificate and at the side of the certificate authority, thereby ensuring the information security of the certificate encrypted by using the encrypted public key, and finally ensuring the information security of the terminal using the certificate for communication.
In addition, in the certificate application method provided in the embodiment of the present application, the PCA not only performs the first re-encryption on the anonymous certificate by using the encryption public key of the terminal, but also performs the second re-encryption on the anonymous certificate by using the public key of the time management system, thereby finally obtaining the doubly encrypted anonymous certificate. The time management system controls the time that the terminal really obtains the anonymous certificate by sending the private key to the terminal when the initial time point of the aging period is reached, and information security risk caused by the fact that the anonymous certificate is obtained by the terminal too early is avoided.
For understanding of the method embodiment, reference may be made to the description of the system embodiment described above, which is not described herein again.
With the continuous development of socio-economy, the transportation field faces various challenges, such as safety, travel, environment, and the like. The technology of the intelligent Vehicle networking V2X provides effective solutions To various problems in intelligent traffic, and a communication system among LTE-V2X (Vehicle-To-evolution), namely, vehicles and vehicles (V2V), vehicles and pedestrians (V2P), vehicles and infrastructure (V2I), vehicles and a network (V2N) is used for improving road safety, improving traffic traveling efficiency and enabling traffic To be more intelligent. Through statistics, the application of the V2X technology can effectively avoid about 81% of traffic accidents, and the road traffic efficiency is improved by more than 30%. With the determination and the departure of various national policies and standards, the intelligent networked automobile in China is expected to gradually realize industrialization, and the market scale estimated to 2020 can reach 1000 million yuan.
As vehicle-mounted devices become the standard for many automobiles, real-time communication of the vehicles with cloud servers and other mobile devices becomes possible. The information of the vehicle comprises various data such as vehicle running conditions, geographic position information and the like, and can be uploaded to a cloud or other mobile devices through a network connection technology, wherein the data are important information related to public privacy and national security. Meanwhile, some vehicle-mounted terminals can also receive commands issued by the cloud, so that the behavior of the vehicle can be controlled remotely. In this case, if the transmitted data is maliciously acquired or utilized, or the vehicle receives and executes an illegal command, it is highly likely that an event endangering personal safety occurs, even rising as a social safety and national safety problem. Therefore, the information security is one of the key and urgent problems which must be considered and solved in the development of intelligent networked automobiles in China, and the challenge and the opportunity coexist.
Therefore, the certificate application method can be applied to the field of LTE-V2X vehicle networking information security, and particularly ensures that the encrypted public key is not leaked by encrypting and transmitting the certificate application request carrying the encrypted public key in the process of applying the certificate to the PCA by the vehicle networking terminal, so that the information security of the certificate encrypted by the encrypted public key is ensured, and the information security of the vehicle networking terminal based on certificate communication is finally ensured.
Referring to fig. 4, an information interaction diagram of a certificate application method applied to the field of car networking is provided for an embodiment of the present application, where a car networking terminal is also referred to as a V2X device, the method includes:
s401: the security chip in the V2X device encrypts the pre-generated encrypted public key with the public key of the PCA to obtain a public key ciphertext.
S402: the security terminal in the V2X device generates a certificate application request carrying a public key ciphertext, and encrypts the certificate application request using the public key of the PCA to obtain an encrypted certificate application request.
The certificate application request may further include an application certificate type, a validity period, a signature public key value, a signature value, and the like.
S403: the V2X device signs the encrypted certificate application request and sends it to the RA.
S404: and the RA verifies the correctness of the signature of the encrypted certificate application request, and after the verification is passed, performs confusion processing on the encrypted certificate application requests with the preset number to obtain the encrypted certificate application requests after confusion.
It is noted that, after the RA passes the signature verification, the V2X device corresponding to the encrypted certificate application request is determined, and the correspondence relationship between the encrypted certificate application request and the V2X device is recorded. In addition, the V2X device sends the encrypted certificate application request to the RA, and also sends its own admission certificate to the RA, which verifies the admission certificate to determine that the V2X device has the authority to apply for anonymous certificate. In addition, since the admission certificate carries the identifier of the V2X device, the RA can also determine, through the admission certificate, the V2X device corresponding to the encrypted certificate application request, and record the correspondence between the encrypted certificate application request and the V2X device.
It is noted that the correspondence of the encrypted certificate application request of the RA record to the V2X device can be used for subsequent de-obfuscation processing of the anonymous certificate.
S405: the RA signs the obfuscated encrypted certificate application request and sends it to the PCA.
S406: and the PCA verifies the correctness of the signature of the obfuscated encrypted certificate application request, and decrypts the obfuscated encrypted certificate application request by using the private key of the PCA after the verification is passed, so as to obtain the encrypted public key in each obfuscated encrypted certificate application request.
S407: and the PCA generates an anonymous certificate according to the information in the encrypted certificate application request, and encrypts the anonymous certificate by using the corresponding encrypted public key.
S408: PCA sends time effect application requests of all anonymous certificates to a time management system; the validity period application request carries validity period parameters in the certificate application request.
S409: and the time management system returns an aging authorization response carrying the public key of the time management system to the PCA.
S410: and the PCA performs second encryption on the anonymous certificate by using the public key of the time management system, signs the anonymous certificate and then sends the anonymous certificate to the RA.
S411: the RA verifies the correctness of the signature of the anonymous certificate, and performs confusion removal processing on the anonymous certificate after the verification is passed; and after signing the de-obfuscated anonymous certificate, sending the de-obfuscated anonymous certificate to the corresponding V2X device according to the corresponding relation between the encrypted certificate application request recorded before obfuscation and the V2X device.
S412: the V2X device verifies the correctness of the signature of the anonymous certificate.
S413: the time management system issues a certificate with a private key to the V2X device when the expiration date is reached so that the V2X device decrypts the anonymous certificate with the private key in the certificate.
In practical application, the time management system issues a certificate to the V2X device when reaching the validity period, where the certificate includes a private key for first re-decryption of the anonymous certificate, and the issued certificate also includes a public key for signature verification, and after the V2X device receives the certificate issued by the time management system, the anonymous certificate is verified by using the public key for signature verification carried in the certificate to determine that the anonymous certificate is issued by the time management system, and then the anonymous certificate is first re-decrypted by using the private key carried in the certificate.
Since the time management system issues the certificate with the private key to the V2X device only when the validity period is reached, that is, the V2X device can decrypt the anonymous certificate with the private key from the time management system only when the validity period is reached. It can be understood that since the anonymous certificate at the V2X device side is in the form of ciphertext before the validity period is reached, the information of the anonymous certificate can be secured during this period.
S414: the V2X device carries out first re-decryption on the anonymous certificate by using a private key of the time management system, and then carries out second re-decryption on the anonymous certificate by using an own encryption public key to obtain the anonymous certificate.
After the V2X device obtains the decrypted anonymous certificate, it can perform secure communication based on the anonymous certificate, and ensure the security of communication.
It should be noted that the signature and the method for verifying the accuracy of the signature in the embodiment of the present application are commonly used in the art, and are not described herein again.
The certificate application method provided by the embodiment of the application can ensure that the encrypted public key is not leaked, so that the information security of the anonymous certificate encrypted by the encrypted public key is ensured. In the communication process of the V2X equipment, an illegal user cannot determine which information belongs to the same V2X equipment by decrypting an anonymous certificate, cannot obtain complete path information of the same vehicle and the like, and the information safety problem in the Internet of vehicles is avoided.
Corresponding to the foregoing embodiment, an embodiment of the present application further provides a certificate application apparatus, and referring to fig. 5, a schematic structural diagram of the certificate application apparatus provided in the embodiment of the present application is shown, where the apparatus is applied to a terminal, and the apparatus 500 includes:
the first encryption module 501 is configured to encrypt a certificate application request carrying an encrypted public key by using a public key of a PCA (anonymous certificate authority) to obtain an encrypted certificate application request; wherein, the encryption public key is generated by the terminal;
a first sending module 502, configured to send the encrypted certificate application request to an admission verification system RA, and send the encrypted certificate application request to the PCA through the RA, so that the PCA decrypts the encrypted certificate application request to obtain the encrypted public key, and sends the anonymous certificate to the RA after encrypting an anonymous certificate generated for the terminal by using the encrypted public key;
a first receiving module 503, configured to receive the anonymous certificate sent via the RA.
In addition, referring to fig. 6, a schematic structural diagram of a certificate application apparatus is further provided for the embodiment of the present application, where the apparatus is applied to an anonymous certificate authority PCA, and the apparatus 600 includes:
a second receiving module 601, configured to receive an encrypted certificate application request from a terminal forwarded by an admission verification system RA; the encryption certificate application request carries an encryption public key of the terminal and is obtained by encrypting the encryption public key of the PCA;
a decryption module 602, configured to decrypt the encrypted certificate application request to obtain the encrypted public key;
a second encryption module 603, configured to encrypt, by using the encrypted public key, the anonymous certificate generated for the terminal, and then send the anonymous certificate to the RA, so that the RA forwards the anonymous certificate to the terminal.
In addition, referring to fig. 7, a schematic structural diagram of a certificate application apparatus is further provided for the embodiment of the present application, where the apparatus is applied to an admission verification system RA, and the apparatus 700 includes:
the obfuscating module 701 is configured to perform obfuscation processing on a preset number of encrypted certificate application requests after receiving the preset number of encrypted certificate application requests, and send the obfuscated encrypted certificate application requests to the anonymous certificate issuing system PCA;
and the defrobbing module 702 is configured to perform defrobbing processing on the anonymous certificate after receiving the anonymous certificate from the PCA, and send the defrobulated anonymous certificate to corresponding terminals respectively.
In addition, referring to fig. 8, a schematic structural diagram of a certificate application apparatus is further provided for the embodiment of the present application, where the apparatus is applied to a time management system, and the apparatus 800 includes:
a third receiving module 801, configured to, after receiving an aging application request of an anonymous certificate from an anonymous certificate issuing system PCA, return an aging authorization response carrying a public key of the third receiving module to the PCA, so that the PCA encrypts the anonymous certificate by using the public key of the time management system and then sends the anonymous certificate to a terminal;
a second sending module 802, configured to send a private key to the terminal when a starting time point of the expiration date is reached, so that the terminal decrypts the anonymous certificate by using the private key.
The embodiment of the application provides a certificate application device, wherein before sending a certificate application request to a PCA, a public key of the PCA is first used for encrypting the certificate application request carrying an encrypted public key, so as to ensure that the encrypted public key of a terminal at a certificate authority side and in the process of applying the certificate is not leaked, thereby ensuring the information security of the certificate encrypted by using the encrypted public key, and finally ensuring the information security of the terminal using the certificate for communication.
In addition, an embodiment of the present application further provides a certificate application apparatus, as shown in fig. 9, which may include:
a processor 901, a memory 902, an input device 903, and an output device 904. The number of processors 901 in the certificate application apparatus may be one or more, and one processor is taken as an example in fig. 9. In some embodiments of the present invention, the processor 901, the memory 902, the input device 903 and the output device 904 may be connected through a bus or other means, wherein the connection through the bus is exemplified in fig. 9.
The memory 902 may be used to store software programs and modules, and the processor 901 executes various functional applications and data processing of the certificate application apparatus by running the software programs and modules stored in the memory 902. The memory 902 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function, and the like. Further, the memory 902 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. The input device 903 may be used to receive entered numeric or character information and to generate signal inputs relating to user settings and function controls of the certificate authority.
Specifically, in this embodiment, the processor 901 loads an executable file corresponding to a process of one or more application programs into the memory 902 according to the following instructions, and the processor 901 runs the application programs stored in the memory 902, thereby implementing various functions in the certificate application method.
In addition, the present application also provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed on a terminal device, the instructions cause the terminal device to execute the certificate application method.
It is understood that for the apparatus embodiments, since they correspond substantially to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The above detailed description is provided for a certificate application method, apparatus, and device provided in the embodiments of the present application, and specific examples are applied in the present application to explain the principles and embodiments of the present application, and the description of the above embodiments is only used to help understand the method and core ideas of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (13)
1. A certificate application method is applied to a terminal, and the method comprises the following steps:
encrypting a certificate application request carrying an encrypted public key by using a public key of a PCA (anonymous certificate authority) of an anonymous certificate authority system to obtain an encrypted certificate application request; wherein, the encryption public key is generated by the terminal;
sending the encrypted certificate application request to an access authentication system (RA) and sending the encrypted certificate application request to the PCA through the RA, so that the PCA can decrypt the encrypted certificate application request to obtain the encrypted public key, encrypt an anonymous certificate generated for the terminal by using the encrypted public key, encrypt the anonymous certificate by using a public key of a time management system, and send the anonymous certificate to the RA;
and receiving the anonymous certificate sent by the RA, and decrypting the anonymous certificate by using a private key after receiving the private key sent by the time management system when the time management system reaches the initial time point of the time validity period.
2. The method of claim 1, wherein before encrypting the certificate application request carrying the encrypted public key by using a public key of the anonymous certificate authority (PCA) to obtain the encrypted certificate application request, the method further comprises:
encrypting the encrypted public key generated by the terminal by using the public key of the PCA to obtain a public key ciphertext;
correspondingly, the public key of the anonymous certificate issuing system PCA is used for encrypting the certificate application request carrying the encrypted public key to obtain an encrypted certificate application request, which specifically comprises the following steps:
and encrypting the certificate application request carrying the public key ciphertext by using the public key of the PCA to obtain an encrypted certificate application request.
3. A certificate application method applied to an anonymous certificate authority (PCA), the method comprising:
the PCA receives an encryption certificate application request from a terminal forwarded by an admission verification system RA; the encryption certificate application request carries an encryption public key generated by the terminal and is obtained by encrypting by using the public key of the PCA;
the PCA decrypts the request for applying the encrypted certificate to obtain the encrypted public key, encrypts an anonymous certificate generated for the terminal by using the encrypted public key, and then sends the anonymous certificate to the RA, so that the RA forwards the anonymous certificate to the terminal;
after generating an anonymous certificate for the terminal, further comprising:
after the PCA sends an aging application request of the anonymous certificate to a time management system, receiving an aging authorization response of the anonymous certificate from the time management system;
accordingly, prior to sending the anonymous credential to the RA, further comprising:
and after encrypting the anonymous certificate by the PCA by using the public key of the time management system, continuing to execute the step of sending the anonymous certificate to the RA and forwarding the anonymous certificate to the terminal by the RA, so that the terminal decrypts the anonymous certificate by using the private key after receiving the private key sent by the time management system when the time management system reaches the initial time point of the time validity period.
4. A certificate application method according to any of claims 1-3, characterized in that the certificate application method further comprises:
after receiving a preset number of encrypted certificate application requests, the RA verifies the accuracy of signatures of the encrypted certificate application requests, if the encrypted certificate application requests pass the verification, the RA determines a terminal corresponding to each encrypted certificate application request, performs obfuscation processing on the preset number of encrypted certificate application requests, and sends the obfuscated encrypted certificate application requests to an anonymous certificate issuing system PCA;
and after receiving the anonymous certificate from the PCA, the RA performs confusion resolution on the anonymous certificate and respectively sends the confusion-resolved anonymous certificate to the corresponding terminal.
5. A certificate application method according to any of claims 1-3, characterized in that the certificate application method further comprises:
the time management system receives an aging application request of an anonymous certificate generated for the terminal by encrypting the anonymous certificate by using an encryption public key of the terminal from an anonymous certificate issuing system (PCA), and then returns an aging authorization response carrying the public key of the time management system to the PCA, so that the PCA encrypts the anonymous certificate by using the public key of the time management system and then sends the anonymous certificate to the terminal;
and the time management system sends a private key to the terminal when the starting time point of the time period is reached, so that the terminal can decrypt the anonymous certificate by using the private key.
6. A certificate application system is characterized by comprising a terminal, an admission verification system RA and an anonymous certificate issuing system PCA;
the terminal is used for encrypting the certificate application request carrying the encrypted public key by using the public key of the PCA to obtain an encrypted certificate application request and sending the encrypted certificate application request to the RA; wherein, the encryption public key is generated by the terminal;
the RA is used for forwarding the encryption certificate application request to the PCA after verifying the encryption certificate application request;
the PCA is used for decrypting the encrypted certificate application request to obtain the encrypted public key, encrypting an anonymous certificate generated for the terminal by using the encrypted public key, then sending the anonymous certificate to the RA, and forwarding the anonymous certificate to the terminal by the RA;
the system also includes a time management system;
the time management system is used for returning an aging authorization response carrying a public key of the time management system to the PCA after receiving an aging application request of the anonymous certificate sent by the PCA; and sending a private key to the terminal when the starting time point of the time-validity period is reached, so that the terminal can decrypt the anonymous certificate by using the private key;
correspondingly, the PCA is further configured to encrypt the anonymous certificate with the public key of the time management system, and then send the anonymous certificate to the terminal.
7. The system of claim 6,
the RA is further used for performing confusion processing on the encryption certificate application requests with the preset number after receiving the encryption certificate application requests with the preset number, and sending the confused encryption certificate application requests to the anonymous certificate issuing system PCA; and after receiving the anonymous certificate from the PCA, performing confusion resolution on the anonymous certificate, and respectively sending the confusion-resolved anonymous certificate to corresponding terminals.
8. The certificate application system according to claim 6, wherein the certificate application apparatus for RA comprises:
the confusion module is used for verifying the accuracy of the signatures of the encrypted certificate application requests after receiving a preset number of encrypted certificate application requests, determining a terminal corresponding to each encrypted certificate application request if the encrypted certificate application requests pass the verification, performing confusion processing on the preset number of encrypted certificate application requests, and sending the confused encrypted certificate application requests to the anonymous certificate issuing system PCA;
and the confusion resolution module is used for receiving the anonymous certificate from the PCA, performing confusion resolution processing on the anonymous certificate, and respectively sending the anonymous certificate after confusion resolution to the corresponding terminals.
9. The certificate application system according to claim 6, wherein the certificate application means of the time management system comprises;
the third receiving module is used for receiving an aging application request of an anonymous certificate generated for the terminal by encrypting the anonymous certificate by using an encryption public key of the terminal from an anonymous certificate issuing system (PCA), and then returning an aging authorization response carrying the public key of the third receiving module to the PCA, so that the PCA encrypts the anonymous certificate by using the public key of the time management system and then sends the anonymous certificate to the terminal;
and the second sending module is used for sending a private key to the terminal when the starting time point of the time-validity period is reached, so that the terminal can decrypt the anonymous certificate by using the private key.
10. A certificate application apparatus, wherein the apparatus is applied to a terminal, the apparatus comprises:
the first encryption module is used for encrypting the certificate application request carrying the encrypted public key by utilizing the public key of the anonymous certificate issuing system PCA to obtain an encrypted certificate application request; wherein, the encryption public key is generated by the terminal;
the first sending module is used for sending the encrypted certificate application request to an access authentication system (RA) and sending the encrypted certificate application request to the PCA through the RA, so that the PCA can decrypt the encrypted certificate application request to obtain an encrypted public key, and after an anonymous certificate generated for the terminal is encrypted by using the encrypted public key, the anonymous certificate is encrypted by using a public key of a time management system and sent to the RA;
and the first receiving module is used for receiving the anonymous certificate sent by the RA, and decrypting the anonymous certificate by using a private key after receiving the private key sent by the time management system when the time management system reaches the initial time point of the validity period.
11. A certificate application apparatus, applied to an anonymous certificate authority, PCA, the apparatus comprising:
a second receiving module, configured to receive an encrypted certificate application request from a terminal, which is forwarded by an admission verification system RA; the encryption certificate application request carries an encryption public key generated by the terminal and is obtained by encrypting by using the public key of the PCA;
the decryption module is used for decrypting the encrypted certificate application request to obtain the encrypted public key;
the second encryption module is used for encrypting the anonymous certificate generated for the terminal by using the encryption public key, and then prompting the PCA to receive an aging authorization response of the anonymous certificate from the time management system after sending an aging application request of the anonymous certificate to the time management system; after the anonymous certificate is encrypted by the public key of the time management system, the anonymous certificate is sent to the RA, so that the RA forwards the anonymous certificate to the terminal, and the terminal decrypts the anonymous certificate by using the private key after receiving the private key sent by the time management system when the time management system reaches the initial time point of the time validity period.
12. A computer-readable storage medium having stored therein instructions that, when executed on a terminal device, cause the terminal device to perform the method of any one of claims 1-5.
13. A certificate application apparatus, comprising: memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the method of any one of claims 1-5 when executing the computer program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910575537.3A CN110365486B (en) | 2019-06-28 | 2019-06-28 | Certificate application method, device and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910575537.3A CN110365486B (en) | 2019-06-28 | 2019-06-28 | Certificate application method, device and equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110365486A CN110365486A (en) | 2019-10-22 |
| CN110365486B true CN110365486B (en) | 2022-08-16 |
Family
ID=68215936
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910575537.3A Active CN110365486B (en) | 2019-06-28 | 2019-06-28 | Certificate application method, device and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110365486B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110995412B (en) * | 2019-12-02 | 2020-11-10 | 西安邮电大学 | Certificateless ring signcryption method based on multiplicative group |
| CN113015159B (en) * | 2019-12-03 | 2023-05-09 | 中国移动通信有限公司研究院 | Initial security configuration method, security module and terminal |
| CN111130777B (en) * | 2019-12-31 | 2022-09-30 | 北京数字认证股份有限公司 | Issuing management method and system for short-lived certificate |
| CN113225733B (en) * | 2020-01-19 | 2023-01-13 | 中国移动通信有限公司研究院 | User identification module, certificate acquisition method, device and storage medium |
| CN113765667B (en) * | 2020-06-02 | 2023-03-03 | 大唐移动通信设备有限公司 | Anonymous certificate application method, device authentication method, device, apparatus and medium |
| CN115706953A (en) * | 2021-08-05 | 2023-02-17 | 中兴通讯股份有限公司 | Certificate application method and device based on vehicle-road cooperation, computer equipment and medium |
| CN114900302B (en) * | 2022-07-12 | 2022-11-25 | 杭州天谷信息科技有限公司 | Anonymous certificate issuing method |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1784643A (en) * | 2003-06-04 | 2006-06-07 | 国际商业机器公司 | Method and system for controlling the disclosure time of information |
| CN1801029A (en) * | 2004-12-31 | 2006-07-12 | 联想(北京)有限公司 | Method for generating digital certificate and applying the generated digital certificate |
| CN104904156A (en) * | 2013-01-08 | 2015-09-09 | 三菱电机株式会社 | Authentication processing device, authentication processing system, authentication processing method and authentication processing program |
| CN106533692A (en) * | 2016-11-01 | 2017-03-22 | 济南浪潮高新科技投资发展有限公司 | Digital certificate application method based on TPM |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10536279B2 (en) * | 2017-10-22 | 2020-01-14 | Lg Electronics, Inc. | Cryptographic methods and systems for managing digital certificates |
-
2019
- 2019-06-28 CN CN201910575537.3A patent/CN110365486B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1784643A (en) * | 2003-06-04 | 2006-06-07 | 国际商业机器公司 | Method and system for controlling the disclosure time of information |
| CN1801029A (en) * | 2004-12-31 | 2006-07-12 | 联想(北京)有限公司 | Method for generating digital certificate and applying the generated digital certificate |
| CN104904156A (en) * | 2013-01-08 | 2015-09-09 | 三菱电机株式会社 | Authentication processing device, authentication processing system, authentication processing method and authentication processing program |
| CN106533692A (en) * | 2016-11-01 | 2017-03-22 | 济南浪潮高新科技投资发展有限公司 | Digital certificate application method based on TPM |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110365486A (en) | 2019-10-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110365486B (en) | Certificate application method, device and equipment | |
| TWI779139B (en) | Vehicle virtual key generation and use method, system and user terminal | |
| CN111684760B (en) | Cryptographic method and system for managing digital certificates | |
| CN108496322B (en) | Vehicle-mounted computer system, vehicle, key generation device, management method, key generation method, and computer-readable recording medium | |
| CN112671798B (en) | Service request method, device and system in Internet of vehicles | |
| CA3013687C (en) | A method of data transfer, a method of controlling use of data and a cryptographic device | |
| KR101837338B1 (en) | Cloud-Assisted Conditional Privacy Preserving Authentication Method for VANET and System Therefor | |
| CN105635147A (en) | Vehicle-mounted-special-equipment-system-based secure data transmission method and system | |
| CN108141444B (en) | Improved authentication method and authentication device | |
| JP2016139882A (en) | Communication device, LSI, program and communication system | |
| US11722529B2 (en) | Method and apparatus for policy-based management of assets | |
| CN104053149A (en) | Method and system for realizing security mechanism of vehicle networking equipment | |
| JP7497438B2 (en) | Certificate application method and device | |
| CN113114699A (en) | Vehicle terminal identity certificate application method | |
| CN113347133B (en) | Authentication method and device of vehicle-mounted equipment | |
| CN111552270A (en) | Safety authentication and data transmission method and device for vehicle-mounted diagnosis | |
| CN113079511A (en) | Method, device, vehicle and storage medium for information sharing between vehicles | |
| CN109743283B (en) | Information transmission method and equipment | |
| CN113115255A (en) | Certificate issuing method, secret key authentication method, vehicle unlocking method, equipment and storage medium | |
| CN111656729B (en) | System and method for computing escrow and private session keys for encoding digital communications between two devices | |
| Kleberger et al. | Protecting vehicles against unauthorised diagnostics sessions using trusted third parties | |
| CN112702170A (en) | Management method, management system, viewing method and viewing terminal for vehicle data | |
| JP2017011482A (en) | Management system, vehicle, management device, on-vehicle computer, management method, and computer program | |
| CN113079489B (en) | Communication method of hovercar based on block chain, hovercar and medium | |
| EP3840327A1 (en) | Method for applying for digital certificate |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |