CN111242615B - Certificate application method and system - Google Patents

Publication number
CN111242615B
Authority
CN
China
Prior art keywords
certificate
application request
user terminal
key
sends
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811446324.2A
Other languages
Chinese (zh)
Other versions
CN111242615A (en)
Inventor
鲁欣
于海洋
张行
马春旺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhongjin Guoxin Technology Co ltd
Original Assignee
Beijing Zhongjin Guoxin Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Zhongjin Guoxin Technology Co ltd filed Critical Beijing Zhongjin Guoxin Technology Co ltd
Priority to CN201811446324.2A priority Critical patent/CN111242615B/en
Publication of CN111242615A publication Critical patent/CN111242615A/en
Application granted granted Critical
Publication of CN111242615B publication Critical patent/CN111242615B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821 Electronic credentials
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a method of applying for a certificate, comprising: a first step, in which a user terminal sends a certificate application request to a bank subsystem, the certificate application request comprising a device ID of the user terminal; a second step, in which the bank subsystem sends the certificate application request to the authentication center; and a third step, in which the mobile key center in the authentication center determines the authenticity of the user terminal according to the device ID in the certificate application request and, if the user terminal is authentic, sends the certificate application request to the bank subsystem, whereupon the bank subsystem sends the certificate application request to a certificate authentication server of the authentication center so as to apply for a certificate from the certificate authentication server. According to the invention, the certificate application can be associated with a specific mobile device, which prevents security from being reduced or lost because security measures have been tampered with or hijacked.

Description

Certificate application method and system
Technical Field
The present invention relates to the field of computers, and more particularly to the field of financial transaction security at the mobile end.
Background
In existing mobile transactions, when a mobile terminal with an APP installed (e.g., a bank APP) applies for a digital certificate, a certificate application request is typically sent to a bank, which forwards the request to a CA authentication center.
However, in the prior art, the issuing of the certificate is not associated with the device held by the user, i.e. it does not depend on the specific terminal.
The disadvantage is that the corresponding security measures in the APP may be hijacked or tampered with, so that transactions can also be carried out on other terminals. This greatly reduces the security of mobile transactions.
Disclosure of Invention
The invention aims to overcome the low security level of client-side certificate application in the prior art.
According to a first aspect of the present invention, there is provided a method of applying for a certificate, comprising: a first step, in which a user terminal sends a certificate application request to a bank subsystem, the certificate application request comprising a device ID of the user terminal; a second step, in which the bank subsystem sends the certificate application request to the authentication center; and a third step, in which the mobile key center in the authentication center determines the authenticity of the user terminal according to the device ID in the certificate application request and, if the user terminal is authentic, sends the certificate application request to the bank subsystem, whereupon the bank subsystem sends the certificate application request to a certificate authentication server of the authentication center so as to apply for a certificate from the certificate authentication server.
According to one embodiment of the invention, the user terminal comprises a secure element SE, a trusted execution environment TEE and a rich execution environment REE, wherein the SE is used for storing keys; the TEE is used for storing a trusted application TA corresponding to the key; and an APP runs in the REE, the running of the APP being based on a key in the SE and a TA in the TEE; the first step includes: the Applet in the SE generates a key pair and sends the public key of the key pair to the TA; the TA sends the public key and the device ID to the APP in the REE; the APP generates a certificate application request comprising the device ID, and sends the certificate application request to the bank subsystem.
According to one embodiment of the present invention, the banking subsystem includes an application server and a certificate registration auditing system RA, and the second step includes: the application server receives the certificate application request; the application server forwards the received certificate application request to the RA.
According to one embodiment of the present invention, the third step includes: the mobile key center receives a certificate application request from the RA and determines the authenticity of the user terminal according to the device ID in the certificate application request; if the user terminal is authentic, the certificate application request is sent to the RA; the RA sends the certificate application request to a certificate authentication server CA of the authentication center to apply for a certificate from the certificate authentication server.
According to one embodiment of the invention, the certificate applied for is stored in the SE of the user terminal or in the TEE.
According to a second aspect of the present invention, there is provided a system for applying for a certificate, comprising: a user terminal, a bank subsystem in communication with the user terminal, and an authentication center in communication with the bank subsystem, wherein the user terminal is configured to send a certificate application request to the bank subsystem, the certificate application request comprising a device ID of the user terminal; the bank subsystem is configured to send the certificate application request to the authentication center; the authentication center comprises a mobile key center and a certificate authentication server; the mobile key center determines the authenticity of the user terminal according to the device ID in the certificate application request and, if the user terminal is authentic, sends the certificate application request to the bank subsystem, whereupon the bank subsystem sends the certificate application request to the certificate authentication server so as to apply for a certificate from the certificate authentication server.
According to one embodiment of the invention, the user terminal comprises a secure element SE, a trusted execution environment TEE and a rich execution environment REE, wherein the SE is used for storing keys; the TEE is used for storing a trusted application TA corresponding to the key; and an APP runs in the REE, the running of the APP being based on a key in the SE and a TA in the TEE; the Applet in the SE generates a key pair and sends the public key of the key pair to the TA; the TA sends the public key and the device ID to the APP in the REE; the APP generates a certificate application request comprising the device ID, and sends the certificate application request to the bank subsystem.
According to one embodiment of the present invention, the banking subsystem includes an application server and a certificate registration auditing system RA, the application server being configured to receive the certificate application request; the application server is configured to forward the received certificate application request to the RA.
According to one embodiment of the present invention, the mobile key center is configured to receive a certificate application request from the RA, and determine the authenticity of the user terminal according to the device ID in the certificate application request; if the user terminal is authentic, the certificate application request is sent to the RA; the RA is configured to send the certificate application request to a certificate authentication server CA of the authentication center to apply for a certificate from the certificate authentication server.
The certificate applied for is stored in the SE of the user terminal or in the TEE.
According to the invention, the certificate application can be associated with a specific mobile device, which prevents security from being reduced or lost because security measures have been tampered with or hijacked.
Drawings
FIG. 1 shows a flow chart of a method of applying for a certificate in accordance with a first aspect of the invention;
FIG. 2 shows a block diagram of a certificate application system in accordance with a second aspect of the present invention;
FIG. 3 shows a schematic structure of a user terminal according to an embodiment of the present invention;
FIG. 4a shows a schematic diagram of the space of an SE storing keys according to one embodiment of the invention; and
FIG. 4b shows a schematic diagram of the space of a TEE storing a TA according to one embodiment of the invention.
Detailed Description
Reference will now be made in detail to the preferred embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein reference numerals refer to the components and techniques of the present invention so that the advantages and features of the present invention may be more readily understood in the proper environment for practice. The following description is a specific embodiment of the present claims, and other specific implementations not explicitly described in connection with the claims also fall within the scope of the claims.
FIG. 1 shows a flow chart of a method of applying for a certificate in accordance with a first aspect of the invention; FIG. 2 shows a block diagram of a certificate application system according to a second aspect of the present invention.
As shown in fig. 2, the system of the present invention includes: a user terminal 210, a banking subsystem 220 in communication with the user terminal 210, and an authentication center 230 in communication with the banking subsystem 220.
As shown in fig. 1 and 2, the method of the present invention includes: a first step S1, in which the user terminal 210 sends a certificate application request to the banking subsystem 220, the certificate application request including a device ID of the user terminal; in a second step S2, the banking subsystem 220 sends the certificate application request to the authentication center 230.
In the related art, the authentication center 230 includes a certificate authentication server CA 231, and the CA 231 is configured to receive a certificate application request and issue a required certificate.
The CA center issues a digital certificate to each user who uses a public key; the digital certificate serves to prove that the user listed in the certificate legitimately owns the public key listed in the certificate. The digital signature of the CA prevents an attacker from forging or tampering with the certificate.
A user who wants to obtain a certificate of their own should first generate a public-private key pair and then apply for the certificate directly or indirectly (the application contains the public key). After the CA has ascertained the identity of the applicant, it binds the public key to the applicant's identity information, forming a certificate that is sent to the applicant.
A user who wants to authenticate another certificate verifies the signature of that certificate with the public key of the CA that issued it; once the signature verifies, the certificate is considered valid.
In the present invention, as shown in FIG. 1 and FIG. 2, the authentication center 230 further includes a mobile key center 232. In the third step S3, the mobile key center 232 determines the authenticity of the user terminal 210 according to the device ID in the certificate application request and, if the user terminal 210 is authentic, sends the certificate application request to the banking subsystem 220, and the banking subsystem 220 sends the certificate application request to the certificate authentication server 231 of the authentication center 230 to apply for a certificate from the certificate authentication server 231.
As can be seen from FIG. 1 and FIG. 2, unlike the prior art, a mobile key center 232 is also provided at the authentication center 230. The banking subsystem needs to have the authenticity or validity of the mobile terminal 210 determined at the mobile key center 232, and only a mobile terminal 210 determined to be valid can go on to acquire the certificate.
The device ID may be an identification code built into the mobile phone chip that uniquely identifies the device, for example a device-specific key string, a certificate of the mobile phone, etc.
The constitution and operation of the user terminal according to the present invention are described in detail below with reference to fig. 3.
As shown in FIG. 3, the user terminal of the present invention may include a secure element SE, a trusted execution environment TEE and a rich execution environment REE, where the SE has a preset space for storing a key; the TEE is used for storing a trusted application TA corresponding to the key; and an APP runs in the REE, the running of the APP being based on a key in the SE and a TA in the TEE.
The key in the SE in FIG. 3 may be generated by an Applet located in the SE and stored in the SE. The key stored in the SE, in particular the private key, cannot be exported outside the SE.
The secure element SE is usually provided in the form of a chip. To prevent external malicious analysis attacks and protect data security, an encryption/decryption logic circuit is built into the chip. The same function is provided by the UICC (a SIM specification) in the mobile phone, by SD cards and by other chips. In North America and Japan, the UIM/UICC has become the mainstream secure element. However, SD cards and dedicated IC chips have also emerged as SEs in solutions led by credit card companies worldwide.
In an electronic money solution that uses a mobile phone as the medium, the data must be held in a special environment independent of the OS to ensure that the electronic money data stored there cannot be maliciously read or modified. The special environment may be implemented in software or in hardware, but the most straightforward and safest approach is a hardware solution. Sensitive data stored in the SE cannot be handled directly by the OS and therefore, in theory, cannot be attacked.
SEs commonly employ Java Card technology, in which the Java Card firewall is a mandatory protection measure of the runtime environment JCRE and is separate from the protection provided by Java technology itself. The firewall mechanism guards against the most frequent foreseeable security hazard: design flaws by developers that leak sensitive data to other applets.
The Applet in the SE generates a key pair and sends the public key of the key pair to the TA; the TA sends the public key and the device ID to the APP in the REE; the APP generates a certificate application request comprising the device ID, and sends the certificate application request to the bank subsystem.
The certificate application request may be, for example, a PKCS #10 request. PKCS (the Public-Key Cryptography Standards) is a set of public-key cryptography standards established by RSA Data Security of the United States and its partners, including a series of related protocols covering certificate application, certificate renewal, certificate revocation list issuance, extended certificate content, digital signatures, the format of digital envelopes, and the like.
In the invention, the device ID (or the device certificate and the device key) is added to the request (message), and the whole message is additionally encrypted with the private key specific to the terminal device before being sent to the mobile key center, which can then determine the authenticity of the device from the device ID carried in the certificate application request.
Unlike the prior art, in which the key is embedded in software, the key here is embedded in a secure element of the terminal, such as a chip of the mobile phone, and the key cannot be exported from the mobile phone chip, so that transaction security is ensured.
This ensures that the asymmetric private key for the RSA algorithm/SM2 algorithm, or the symmetric encryption key for the DES algorithm/SM4 algorithm, is not disclosed without authorization.
To further increase security, according to one embodiment of the present invention, a user password (PIN) may also be generated and stored in the SE so that the key stored in the SE is protected by the PIN, which further enhances the security of the transaction.
The PIN can be verified in ciphertext using a challenge-response scheme: the PIN entered by the user is used to encrypt a random number generated by the card, the encrypted data is sent to the card, and the card compares it with the result of encrypting the same random number with the PIN stored in the card to verify whether the PINs are consistent.
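The challenge-response PIN check described above, as an added Go example that is not part of the patent: AES-256 under a SHA-256 hash of the PIN stands in for the cipher the text leaves unspecified, and the `Card` type, the retry limit and the single-use random number are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

var (
	ErrWrongPIN    = errors.New("response does not match: wrong PIN")
	ErrNoChallenge = errors.New("no outstanding random number")
	ErrBlocked     = errors.New("PIN blocked: retry limit reached")
)

// encryptWithPIN encrypts one 16-byte random number under a key derived from the PIN.
// SHA-256 as key derivation and AES-256 as cipher are assumptions of this example.
func encryptWithPIN(pin string, random []byte) []byte {
	key := sha256.Sum256([]byte(pin))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		panic(err) // unreachable: the key is always 32 bytes
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, random)
	return out
}

// Card models the SE side: it keeps the reference PIN, the outstanding
// random number and a retry counter (the counter is not in the patent text).
type Card struct {
	pin       string
	random    []byte
	maxTries  int
	triesLeft int
}

func NewCard(pin string, maxTries int) *Card {
	return &Card{pin: pin, maxTries: maxTries, triesLeft: maxTries}
}

// Challenge generates the random number the terminal must encrypt with the entered PIN.
func (c *Card) Challenge() ([]byte, error) {
	if c.triesLeft == 0 {
		return nil, ErrBlocked
	}
	n := make([]byte, aes.BlockSize)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	c.random = n
	return append([]byte(nil), n...), nil
}

// Verify encrypts the same random number with the stored PIN and compares in constant time.
func (c *Card) Verify(response []byte) error {
	if c.triesLeft == 0 {
		return ErrBlocked
	}
	if c.random == nil {
		return ErrNoChallenge
	}
	want := encryptWithPIN(c.pin, c.random)
	c.random = nil // each random number is accepted once, so a recorded response cannot be replayed
	if subtle.ConstantTimeCompare(want, response) != 1 {
		c.triesLeft--
		return ErrWrongPIN
	}
	c.triesLeft = c.maxTries
	return nil
}

func main() {
	card := NewCard("482913", 3) // constructed PIN
	random, _ := card.Challenge()
	fmt.Println("correct PIN:", card.Verify(encryptWithPIN("482913", random)))
	random, _ = card.Challenge()
	fmt.Println("wrong PIN:", card.Verify(encryptWithPIN("000000", random)))
}
```

A PIN has little entropy, so anyone who records one random number and its response can test PIN guesses offline; the exchange therefore still depends on a protected path between the TA and the SE.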
The TEE is a stand-alone execution environment that runs on the device in parallel with the Rich OS (ROS) and provides security services to the ROS. Internally, the TEE consists of a Trusted Operating System (TOS) and the applications running on it, i.e., Trusted Applications (TAs). The TOS manages the software and hardware resources of the TEE and includes a monitor responsible for switching between the execution environments of the REE and the TEE.
The software and hardware resources accessible by the TEE are separate from the ROS, and the TEE provides a secure execution environment for the TA, while also protecting the TA's resources and data confidentiality, integrity, and access rights. Each TA in the TEE is independent of each other and cannot be mutually accessed without authorization.
The TEE itself must pass security verification during start-up and be protected from ROS.
The TEE client API is the underlying communication interface through which Client Applications (CAs) running in the ROS access TA services and data. The TEE function API is a wrapper around the client API that encapsulates the client's communication protocol with a particular security service, so that the client can access the security service, such as encryption or trusted storage, in a programming model familiar to the developer.
The TEE is an operating environment that coexists with a Rich OS (typically Android, etc.) on a device and provides security services to the Rich OS. It has its own execution space, whose security level is higher than that of the Rich OS but lower than that of the secure element (SE). The TEE can meet the security requirements of most applications. From a cost perspective, the TEE provides a balance of security and cost.
As further shown in FIG. 2, the banking subsystem 220 of the present invention includes an application server 221 and a certificate registration auditing system RA 222, and the second step comprises: the application server receives the certificate application request; the application server forwards the received certificate application request to the RA.
The application server 221 is mainly responsible for receiving, forwarding, storing and managing various kinds of information, and for communication between the bank and the external terminal.
The certificate registration auditing system (RA) is an extension of the certificate issuing and management functions of a digital certificate authentication center. It is mainly responsible for entering and auditing the information of certificate applicants, issuing certificates and similar work, and it also performs the corresponding management functions on issued certificates. The RA system is an indispensable part of the normal operation of the whole CA center.
The banking subsystem 220 of the present invention further includes a signature verification server 223 that communicates with the application server to process transaction messages. The signature verification server (such as the one provided by CFCA) is a network security authentication product based on the PKI security system that fully supports international and national cryptographic algorithms. The product was first tested by authorities such as the public security department and the national bureau, and it can sign and verify key sensitive data in online securities, online insurance, online banking, electronic commerce and electronic government activities, thereby ensuring the confidentiality, integrity and non-repudiation of the data. In addition, for service configuration management, an administrator can log in to a web management interface to configure a certificate and its related parameters so that they take effect in real time, which improves service management efficiency. The product meets the high-availability and high-performance requirements of the security field, has a wide range of application scenarios, and serves as a security guard for identity authentication in the current Internet age.
According to one embodiment of the present invention, the third step S3 includes: the mobile key center receives a certificate application request from the RA and determines the authenticity of the user terminal according to the device ID in the certificate application request; if the user terminal is authentic, the certificate application request is sent to the RA; the RA sends the certificate application request to a certificate authentication server CA of the authentication center to apply for a certificate from the certificate authentication server.
The mobile key center requires the cooperation of the mobile terminal manufacturer, which synchronizes the certificate of each device to the mobile key center by online or offline means. The key center then uses the certificate of each device to verify the certificate application request (message) sent in the steps above, and can thereby verify the authenticity of the device.
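One way the mobile key center's check could work, as an added Go example that is not the patent's own code: the terminal places the device ID in a PKCS #10 request and the device-specific key signs the ID together with the request. Modelling the device-key operation as an ECDSA P-256 signature, carrying the ID in the subject `serialNumber` field, registering bare public keys instead of device certificates, and the `Application` envelope are all assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

var (
	ErrUnknownDevice = errors.New("device ID not registered with the mobile key center")
	ErrDeviceSig     = errors.New("device signature does not verify")
	ErrBadCSR        = errors.New("PKCS #10 request is malformed or not self-signed")
	ErrIDMismatch    = errors.New("device ID in the request differs from the envelope")
)

// Application is the message the APP sends to the bank subsystem (constructed format).
type Application struct {
	DeviceID  string
	CSR       []byte // DER-encoded PKCS #10 request carrying the Applet's public key
	DeviceSig []byte // signature by the device-specific key over DeviceID and CSR
}

// NewKey stands in for key generation inside the SE; here the key lives in process memory.
func NewKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// digest binds the device ID to the exact request bytes; the NUL byte separates the two fields.
func digest(deviceID string, csr []byte) []byte {
	sum := sha256.Sum256(append(append([]byte(deviceID), 0), csr...))
	return sum[:]
}

// BuildApplication plays the terminal: appKey is the key pair generated by the
// Applet, deviceKey the key specific to this device.
func BuildApplication(deviceID string, appKey, deviceKey *ecdsa.PrivateKey) (*Application, error) {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "bank-app-user", SerialNumber: deviceID}}
	csr, err := x509.CreateCertificateRequest(rand.Reader, tmpl, appKey)
	if err != nil {
		return nil, err
	}
	sig, err := ecdsa.SignASN1(rand.Reader, deviceKey, digest(deviceID, csr))
	if err != nil {
		return nil, err
	}
	return &Application{DeviceID: deviceID, CSR: csr, DeviceSig: sig}, nil
}

// MobileKeyCenter holds the per-device public keys synchronized from the manufacturer.
type MobileKeyCenter struct {
	devices map[string]*ecdsa.PublicKey
}

func (m *MobileKeyCenter) Register(deviceID string, pub *ecdsa.PublicKey) {
	if m.devices == nil {
		m.devices = map[string]*ecdsa.PublicKey{}
	}
	m.devices[deviceID] = pub
}

// Verify decides whether the RA may pass the request on to the CA.
func (m *MobileKeyCenter) Verify(a *Application) error {
	pub, ok := m.devices[a.DeviceID]
	if !ok {
		return ErrUnknownDevice
	}
	if !ecdsa.VerifyASN1(pub, digest(a.DeviceID, a.CSR), a.DeviceSig) {
		return ErrDeviceSig
	}
	req, err := x509.ParseCertificateRequest(a.CSR)
	if err != nil || req.CheckSignature() != nil {
		return ErrBadCSR // the applicant must also prove possession of the Applet's private key
	}
	if req.Subject.SerialNumber != a.DeviceID {
		return ErrIDMismatch
	}
	return nil
}

func main() {
	appKey, deviceKey, otherKey := NewKey(), NewKey(), NewKey()
	mkc := &MobileKeyCenter{}
	mkc.Register("DEV-0001", &deviceKey.PublicKey) // constructed device ID
	genuine, _ := BuildApplication("DEV-0001", appKey, deviceKey)
	cloned, _ := BuildApplication("DEV-0001", appKey, otherKey)
	fmt.Println("registered terminal:", mkc.Verify(genuine))
	fmt.Println("same ID, different device key:", mkc.Verify(cloned))
}
```

A request that merely quotes a registered device ID is rejected, because the ID is only accepted together with a signature from the key that never leaves that device's SE.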
The digital certificate obtained by the user terminal may be stored in the SE of the user terminal or in the TEE, depending on the level of security required.
For the storage space of the certificate in the terminal, this can be achieved as follows.
For a new terminal, a space for storing a key and/or a certificate may be preset in SE of the new terminal when the new terminal is manufactured by a manufacturer of the new terminal; or for an existing terminal, the above space is set in the SE of the existing terminal by an application.
Similarly, for a new terminal, a space for storing a certificate may be preset in a TEE of the new terminal when the new terminal is manufactured by a manufacturer of the new terminal; alternatively, for an existing terminal, the above space is set in the TEE of the existing terminal by an application.
FIG. 4a shows a schematic diagram of a space of a SE storing keys according to one embodiment of the invention; fig. 4b shows a schematic diagram of a space storing a TEE of a TA according to one embodiment of the invention.
As shown in FIG. 4a, a plurality of spaces or tables are provided in the SE, each of which may store a set of data. For example, the first column of the table stores keyid_1, pin_1, and pivk_1, where keyid_1 represents the ID of the digital certificate of the first APP, pivk_1 represents the private key corresponding to that APP's digital certificate, and pin_1 represents the PIN for that private key. Accordingly, keyid_2 represents the ID of the digital certificate of the second APP, and so on.
As shown in FIG. 4b, a plurality of spaces or tables are provided in the TEE, and each space may also store a set of data. For example, the first column of the table stores keyid_1 and appid_1, where keyid_1 represents the ID of the certificate in the SE, appid_1 represents the ID of the APP to which that ID corresponds (e.g., the mobile APP of a commercial bank), and so on.
It should be understood that fig. 4a and 4b illustrate only one example of the present invention, but do not limit the storage format of the present invention.
Compared with the prior art, the method and the system provided by the invention can verify the authenticity and legitimacy of the device, prevent access by illegal or unregistered terminals, and significantly enhance the security of network transactions.
Furthermore, although the operations of the methods of the present invention are depicted in the drawings in a particular order, this is not required to either imply that the operations must be performed in that particular order or that all of the illustrated operations be performed to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim.

Claims (4)

1. A method of applying for a certificate, characterized by comprising:
a first step, in which a user terminal sends a certificate application request to a bank subsystem, wherein the certificate application request comprises a device ID of the user terminal;
a second step, in which the bank subsystem sends the certificate application request to an authentication center;
a third step, in which the mobile key center in the authentication center determines the authenticity of the user terminal according to the device ID in the certificate application request, if the user terminal is authentic, the certificate application request is sent to the bank subsystem, and the bank subsystem sends the certificate application request to a certificate authentication server in the authentication center to apply for a certificate from the certificate authentication server,
wherein the user terminal comprises a secure element SE, a trusted execution environment TEE and a rich execution environment REE, wherein the SE is used for storing a key; the TEE is used for storing a trusted application TA corresponding to the key; and an APP runs in the REE, the running of the APP being based on a key in the SE and a TA in the TEE;
the first step includes:
the Applet in the SE generates a key pair and sends the public key of the key pair to the TA;
the TA sends the public key and the device ID to the APP in the REE;
the APP generates a certificate application request including the device ID and sends the certificate application request to the banking subsystem,
wherein the bank subsystem includes an application server and a certificate registration auditing system RA, and the second step includes:
the application server receives the certificate application request;
the application server forwards the received certificate application request to the RA,
and the certificate applied for is stored in the SE of the user terminal or in the TEE.
2. The method according to claim 1, characterized in that the third step comprises:
the mobile key center receives a certificate application request from the RA and determines the authenticity of the user terminal according to the device ID in the certificate application request; if the user terminal is authentic, the certificate application request is sent to the RA;
the RA sends the certificate application request to a certificate authentication server CA of the authentication center to apply for a certificate from the certificate authentication server.
3. A system for applying for certificates, comprising: a user terminal, a bank subsystem in communication with the user terminal, and an authentication center in communication with the bank subsystem, wherein
the user terminal is configured to send a certificate application request to the bank subsystem, wherein the certificate application request comprises the device ID of the user terminal;
the bank subsystem is configured to send the certificate application request to the authentication center;
the authentication center comprises a mobile key center and a certificate authentication server, the mobile key center determines the authenticity of the user terminal according to the device ID in the certificate application request, if the user terminal is authentic, the certificate application request is sent to the bank subsystem, the bank subsystem sends the certificate application request to the certificate authentication server to apply for a certificate from the certificate authentication server,
the user terminal comprises a secure element SE, a trusted execution environment TEE and a rich execution environment REE, wherein the SE is used for storing a secret key; the TEE is used for storing a trusted application TA corresponding to the key; and an APP runs in the REE, the running of the APP being based on a key in the SE and a TA in the TEE; wherein,
the Applet in the SE generates a key pair and sends a public key of the key pair to the TA;
the TA sends the public key and the device ID to the APP in the REE;
the APP generates a certificate application request comprising the device ID and sends the certificate application request to the bank subsystem, the bank subsystem comprises an application server and a certificate registration auditing system RA,
the application server is configured to receive the certificate application request;
the application server is configured to forward the received certificate application request to the RA,
the applied-for certificate is stored in the SE of the user terminal or in the TEE.
4. A system according to claim 3, characterized in that: wherein,
the mobile key center is configured to receive a certificate application request from the RA and determine the authenticity of the user terminal according to the device ID in the certificate application request; if the user terminal is authentic, the certificate application request is sent to the RA;
the RA is configured to send the certificate application request to a certificate authentication server CA of the authentication center to apply for a certificate from the certificate authentication server.
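The request path in claims 1 to 4, modelled as an added illustration that is not part of the patent: the RA consults the mobile key center about the device ID and forwards to the CA only when the terminal is judged authentic. The class names, the enrolled-ID registry, the random bytes standing in for the SE-generated public key and the placeholder certificate record are all assumptions; the claims do not say how authenticity is determined or what the certificate contains.

```python
import hashlib
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class CertRequest:
    device_id: str
    public_key: bytes

class MobileKeyCenter:
    def __init__(self, enrolled_ids):
        self._enrolled = set(enrolled_ids)  # assumption: authentic = enrolled device ID
    def is_authentic(self, req):
        return req.device_id in self._enrolled

class CA:
    def __init__(self):
        self.issued = []
    def issue(self, req):
        # Placeholder record binding device ID and key; not a real X.509 certificate.
        cert = {"serial": len(self.issued) + 1, "device_id": req.device_id,
                "key_sha256": hashlib.sha256(req.public_key).hexdigest()}
        self.issued.append(cert)
        return cert

class RA:
    def __init__(self, key_center, ca):
        self.key_center, self.ca = key_center, ca
    def handle(self, req):
        # Claims 2 and 4: check with the mobile key center first; the CA is
        # never contacted for a terminal that fails the device ID check.
        if not self.key_center.is_authentic(req):
            return None
        return self.ca.issue(req)

class UserTerminal:
    def __init__(self, device_id):
        self.device_id = device_id
        self.se_store = {}  # models certificate storage in the SE
    def apply(self, ra):
        public_key = secrets.token_bytes(32)  # stand-in for the SE applet's public key
        # The APP builds the request; the application server hop is collapsed into this call.
        cert = ra.handle(CertRequest(self.device_id, public_key))
        if cert is not None:
            self.se_store["certificate"] = cert
        return cert

def run_demo():
    ca = CA()
    ra = RA(MobileKeyCenter({"DEV-0001"}), ca)  # constructed device IDs
    known, unknown = UserTerminal("DEV-0001"), UserTerminal("DEV-9999")
    return known.apply(ra), unknown.apply(ra), len(ca.issued), unknown.se_store
```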
CN201811446324.2A 2018-11-29 2018-11-29 Certificate application method and system Active CN111242615B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811446324.2A CN111242615B (en) 2018-11-29 2018-11-29 Certificate application method and system

Publications (2)

Publication Number Publication Date
CN111242615A CN111242615A (en) 2020-06-05
CN111242615B true CN111242615B (en) 2024-02-20

Family

ID=70872204

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811446324.2A Active CN111242615B (en) 2018-11-29 2018-11-29 Certificate application method and system

Country Status (1)

Country Link
CN (1) CN111242615B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20050056823A (en) * 2003-12-10 2005-06-16 사이버씨브이에스(주) Method for certification of digital tv banking
CN1894885A (en) * 2003-10-17 2007-01-10 阿雷伊通讯有限公司 Digital certificate to user terminal hardware in a wireless network
CN102202307A (en) * 2011-06-17 2011-09-28 刘明晶 Mobile terminal identity authentication system and method based on digital certificate
CN106506472A (en) * 2016-11-01 2017-03-15 黄付营 A kind of safe mobile terminal digital certificate method and system
CN106789067A (en) * 2016-12-13 2017-05-31 北京握奇智能科技有限公司 A kind of mobile phone Net silver Key method and system based on TEE and wearable device
CN108229956A (en) * 2017-12-13 2018-06-29 北京握奇智能科技有限公司 Network bank business method, apparatus, system and mobile terminal

Also Published As

Publication number Publication date
CN111242615A (en) 2020-06-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant