CN111641502B - Electronic certificate downloading method and device based on super counter - Google Patents


Info

Publication number
CN111641502B
Authority
CN
China
Prior art keywords
electronic certificate
medium
certificate
server
secure
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010484601.XA
Other languages
Chinese (zh)
Other versions
CN111641502A (en)
Inventor
王蕾
刘海鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agricultural Bank of China
Original Assignee
Agricultural Bank of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agricultural Bank of China
Priority to CN202010484601.XA
Publication of CN111641502A
Application granted
Publication of CN111641502B
Active
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877: Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00: Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02: Banking, e.g. interest calculation or account maintenance
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a method and a device for acquiring an electronic certificate based on a super counter. The method comprises the following steps: initializing a security medium after detecting a security medium access signal; identifying the security medium, acquiring a birth certificate of the security medium, and initializing a password input by a user into the security medium; performing server signature verification of the security medium based on the password control; acquiring an electronic certificate data packet of the security medium sent by the server after the signature verification succeeds, generating an electronic certificate, and installing the electronic certificate data packet in the security medium; and uploading the related information of the electronic certificate to the server so as to update the state of the electronic certificate. With the super counter-based electronic certificate acquisition method and device, after the user signs up at the super counter and obtains the security medium, the user only needs to insert the security medium and set the password for the electronic certificate to be acquired and installed on the security medium automatically. The whole process is simple and rapid, and the efficiency of downloading the electronic certificate to the security medium is greatly improved.

Description

Electronic certificate downloading method and device based on super counter
Technical Field
The invention relates to an IT information security technology, in particular to a super counter-based electronic certificate downloading method and device.
Background
The super counter is self-service business equipment in a bank. It integrates the banking business process with hardware equipment, combining a plurality of devices such as a card sender, a printer, a fingerprint instrument, an identity card reader, a camera, a scanner, a high-speed camera and a signature board, and applies intelligent customer identification, touch technology, video transmission and other technologies; the customer uses it under the guidance of marketing service personnel. Business processing instructions are sent by these technical means to a background operation center, where several teams process them concurrently in a specialized, centralized manner, so that various services such as card opening, electronic bank signing, transfer, funds, financial accounting, loans, cash deposit and withdrawal, and bill transfer can be transacted.
Electronic bank signing linked with card opening is one of the very important services of the super counter. Although card opening and signing can also be done at the counter, the customer still has to download the security medium certificate in a separate operation, which takes too long and is inconvenient for the customer. If a teller manually issues a K-bank to a customer, the customer takes the secure medium home and downloads the secure medium certificate through online banking.
Disclosure of Invention
In view of this, the present invention provides the following technical solutions:
a super counter-based electronic certificate acquisition method comprises the following steps:
initializing the security medium after detecting the security medium access signal;
identifying the secure medium, acquiring a birth certificate of the secure medium, and initializing a password input by a user into the secure medium;
performing server signature verification of the secure medium based on the password control;
acquiring an electronic certificate data packet of the security medium, which is sent by the server after verification of the signature, generating an electronic certificate, and installing the electronic certificate data packet in the security medium;
and uploading the related information of the electronic certificate to a server so as to update the state of the electronic certificate.
Optionally, the server signature verification of the secure medium based on the cryptographic control includes:
invoking the secure medium and generating a key pair based on the password;
generating a public key certificate request P10 packet and an IDSign data packet for verifying the key, and sending them to the server.
Optionally, the acquiring and installing the electronic certificate data packet of the secure medium includes:
and acquiring and installing an electronic certificate P7 data packet obtained by the server according to the security medium serial number CA.
Optionally, the method further comprises:
integrating multiple types of secure medium drivers of different manufacturers in the system in advance;
and, before the acquiring of the birth certificate of the secure medium, the method further comprises:
determining the equipment type of the secure medium, and determining that the secure medium driver corresponding to the equipment type is normally installed.
Optionally, after the uploading the related information of the electronic certificate to the server, the method further includes:
and sending prompt information of completion of downloading the electronic certificate.
An electronic certificate acquisition device based on super counter, comprising:
the initialization module is used for initializing the secure medium after detecting the secure medium access signal;
the initial processing module is used for identifying the secure medium, acquiring a birth certificate of the secure medium and initializing a password input by a user into the secure medium;
the signature verification processing module is used for carrying out server signature verification on the security medium based on the password control;
the certificate processing module is used for acquiring an electronic certificate data packet of the security medium, which is sent by the server after verification and approval are correct, generating an electronic certificate and installing the electronic certificate data packet in the security medium;
and the certificate updating module is used for uploading the related information of the electronic certificate to a server so as to update the state of the electronic certificate.
Optionally, the signature verification processing module includes:
the key generation module is used for calling the secure medium and generating a key pair based on the password;
and the data transmission module is used for generating a public key certificate request P10 packet and an IDSign data packet of the verification key and transmitting them to the server.
Optionally, the certificate processing module is specifically configured to: and acquiring and installing an electronic certificate P7 data packet obtained by the server according to the security medium serial number CA, and generating an electronic certificate.
Optionally, the device further comprises:
the driver integration module is used for integrating multiple types of secure medium drivers of different manufacturers in the system in advance;
the driver detection module is used for determining the equipment type of the security medium before the initial processing module acquires the birth certificate of the security medium and determining that the secure medium driver corresponding to the equipment type is normally installed.
Optionally, the device further comprises:
the information prompt module is used for sending prompt information of completion of downloading the electronic certificate after the certificate update module uploads the information related to the electronic certificate to the server.
Compared with the prior art, the embodiment of the invention discloses a super counter-based electronic certificate acquisition method and device, wherein the method comprises the following steps: initializing the security medium after detecting the security medium access signal; identifying the secure medium, acquiring a birth certificate of the secure medium, and initializing a password input by a user into the secure medium; performing server signature verification of the secure medium based on the password control; acquiring an electronic certificate data packet of the security medium, which is sent by the server after verification of the signature, generating an electronic certificate, and installing the electronic certificate data packet in the security medium; and uploading the related information of the electronic certificate to a server so as to update the state of the electronic certificate. With the super counter-based electronic certificate acquisition method and device, after the user signs up at the super counter and obtains the security medium, the user only needs to insert the security medium and input and set the password, and the interaction with the server is then completed automatically. The whole process of automatically acquiring the electronic certificate and installing it on the security medium is simple and quick, the efficiency of downloading the electronic certificate to the security medium is greatly improved, and the operation flow is simplified.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a super counter-based electronic certificate acquisition method according to an embodiment of the present invention;
FIG. 2 is a flow chart of a server signature verification of a security medium disclosed in an embodiment of the present invention;
FIG. 3 is a flow chart of another super counter based electronic certificate downloading method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a complete business process of a user at a super counter according to an embodiment of the present invention;
FIG. 5 is a diagram of a first implementation operation interface according to an embodiment of the present invention;
FIG. 6 is a diagram of a second implementation operation interface according to an embodiment of the present invention;
FIG. 7 is a diagram of a third implementation of an operator interface according to an embodiment of the present invention;
FIG. 8 is a diagram of a fourth implementation of an operator interface according to an embodiment of the present invention;
FIG. 9 is a diagram of a fifth implementation of an operator interface according to an embodiment of the present invention;
FIG. 10 is a schematic structural diagram of an electronic certificate acquiring device based on a super counter according to an embodiment of the present invention;
FIG. 11 is a schematic structural diagram of a signature verification processing module according to an embodiment of the present invention.
Detailed Description
For reference and clarity, the description, shorthand or abbreviations of technical terms used hereinafter are summarized as follows:
CSP: Cryptographic Service Provider, the underlying cryptographic interface standard specified by Microsoft for Windows-family operating systems, used for managing cryptographic devices implemented in hardware or software.
Birth certificate: the public key and the secure media number constitute the main body of the birth certificate.
P10 packet: the PKCS10 public key certificate request packet.
Certificate DN: the user field content in the detailed information tag.
IDSign: a signature over the transaction public key made with the protection private key.
P7 packet: PKCS7 certificate data package.
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Fig. 1 is a flowchart of a super counter-based electronic certificate acquisition method according to an embodiment of the present invention, and referring to fig. 1, the super counter-based electronic certificate acquisition method may include:
Step 101: initializing the secure medium after detecting the secure medium access signal.
After signing a contract and obtaining the security medium, the user can insert the security medium into the USB interface of the super counter. Once the security medium is inserted, the super counter system detects the access signal of the security medium and starts to initialize it.
Step 102: identifying the secure medium, acquiring a birth certificate of the secure medium, and initializing a password input by a user into the secure medium.
After the initialization of the security medium is completed, the security medium is driven and automatically identified to obtain its birth certificate. Once the birth certificate has been obtained, the security medium becomes a security medium with an identity, and the subsequent operations on it, such as signature verification and electronic certificate acquisition, can continue.
After the birth certificate of the secure medium is obtained, the user can be guided and prompted on the display interface to input the password of the secure medium, and the password input by the user is then initialized into the secure medium to serve as the security authentication information of the secure medium.
The password input by the user is initialized into the secure medium, and the K-bank driver is called to generate a key pair in the K-bank.
Step 103: performing server signature verification of the security medium based on the password control.
In general, the server signature verification of the secure medium may proceed as follows: the super counter side generates data based on the password and a certain rule, this data may be sent to the server together with the electronic certificate request, and the server performs the signature verification of the secure medium. The process of server signature verification of the secure medium based on the password control may include: obtaining the secure medium transaction public key signature according to the certificate DN, the certificate key type, the HASH algorithm and the certificate type. Server-side signature verification of a secure medium is prior art and is not described in further detail here; a specific implementation of the server signature verification of the secure medium based on the password control is described in the following embodiments.
Step 104: acquiring the electronic certificate data packet of the security medium sent by the server after the signature verification succeeds, generating an electronic certificate, and installing the electronic certificate data packet in the security medium.
After the server's signature verification of the security medium passes, an electronic certificate data packet of the security medium can be obtained from a third party and is then issued to the super counter side. The super counter generates an electronic certificate according to the electronic certificate data packet and then controls the installation of the electronic certificate data packet in the secure medium.
Step 105: uploading the related information of the electronic certificate to a server so as to update the state of the electronic certificate.
After the electronic certificate of the secure medium is generated, the super counter can upload its related information to the server so that the server side updates the related information of the electronic certificate of the secure medium. For example, this may include registering information such as the certificate subject DN and the status of the electronic certificate with the server.
According to the electronic certificate obtaining method based on the super counter, after a user signs up from the super counter and obtains the security medium, the user can automatically complete interaction with the server only by inserting the security medium and setting a password, the electronic certificate is automatically obtained and installed on the security medium, the whole process is simple and rapid, the efficiency of downloading the electronic certificate by the security medium is greatly improved, and the operation flow is simplified.
Fig. 2 is a flowchart of server signature verification of a secure medium according to an embodiment of the present invention. With reference to Fig. 2, the server signature verification of the secure medium based on the password control may include:
Step 201: calling the secure medium, and generating a key pair based on the password.
Specifically, the secure medium driver is called to generate a key pair in the secure medium.
Step 202: generating a public key certificate request P10 packet and an IDSign data packet for verifying the key, and sending them to the server.
A public key P10 packet is created according to the certificate DN, the certificate key type, the HASH algorithm and the certificate type, and the secure medium transaction public key signature is then acquired to generate a transaction key. (That is, the signature over the transaction public key made with the protection key, IDSign, is obtained. In addition, to ensure that the random number cannot be replayed, IDSign can be derived only once for a given P10.)
In a specific implementation, the generation of the key pair can use common means from existing key generation technology, such as a hash algorithm; the specific key pair generation strategy and the technical means adopted can differ according to the requirements of different application scenarios.
In the foregoing embodiment, the acquiring and installing of the electronic certificate data packet of the secure medium may include: acquiring and installing the electronic certificate P7 (a signature format) data packet obtained by the server according to the secure medium serial number CA (certification authority, the authority that issues the digital certificate).
After the validity of the signature is verified, the P10 packet is used to apply to the CA for the P7 data packet of the electronic certificate.
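The exchange in steps 201 to 202 and the server-side check that follows can be modelled as below. This Go sketch is an added example, not code from the patent or from any bank system; it shows a medium producing a P10 plus IDSign and a server rejecting a mismatched IDSign or a resubmitted P10. Ed25519, the names `Medium`, `Server`, `Enroll`, `Verify`, `newDemo`, the serial numbers, and enforcing the one-time rule with a server-side table are all assumptions; the CA call and P7 packaging are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
)

var (
	ErrUnknownMedium = errors.New("no birth certificate registered for this serial")
	ErrBadP10        = errors.New("P10 is malformed or not signed by its own key")
	ErrBadIDSign     = errors.New("IDSign does not verify under the birth certificate key")
	ErrReplay        = errors.New("this P10 was already submitted")
)

// Medium stands in for the secure medium. protection is the private key whose
// public half is recorded in the birth certificate (Ed25519 is an assumption).
type Medium struct {
	Serial     string
	protection ed25519.PrivateKey
}

// Enroll covers steps 201-202: generate the transaction key pair, build the
// P10 (PKCS#10 request, DER) and sign the transaction public key with the
// protection key to produce IDSign. Each call makes a fresh key pair, so one
// P10 yields exactly one IDSign.
func (m *Medium) Enroll(commonName string) ([]byte, []byte, error) {
	_, txPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: commonName}}
	p10, err := x509.CreateCertificateRequest(rand.Reader, tmpl, txPriv)
	if err != nil {
		return nil, nil, err
	}
	csr, err := x509.ParseCertificateRequest(p10)
	if err != nil {
		return nil, nil, err
	}
	return p10, ed25519.Sign(m.protection, csr.RawSubjectPublicKeyInfo), nil
}

// Server keeps the birth-certificate public key per medium serial and the
// digest of every P10 it has accepted.
type Server struct {
	birthKeys map[string]ed25519.PublicKey
	seen      map[[32]byte]bool
}

// Verify is the signature verification done before the P10 goes to the CA.
func (s *Server) Verify(serial string, p10, idSign []byte) (*x509.CertificateRequest, error) {
	birth, ok := s.birthKeys[serial]
	if !ok {
		return nil, ErrUnknownMedium
	}
	csr, err := x509.ParseCertificateRequest(p10)
	if err != nil || csr.CheckSignature() != nil { // proof of possession
		return nil, ErrBadP10
	}
	// IDSign binds the transaction public key to this particular medium.
	if !ed25519.Verify(birth, csr.RawSubjectPublicKeyInfo, idSign) {
		return nil, ErrBadIDSign
	}
	digest := sha256.Sum256(p10)
	if s.seen[digest] { // assumed enforcement of "one IDSign per P10"
		return nil, ErrReplay
	}
	s.seen[digest] = true
	return csr, nil
}

// newDemo builds a medium and a server that already knows its birth key.
func newDemo(serial string) (*Medium, *Server) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	m := &Medium{Serial: serial, protection: priv}
	s := &Server{birthKeys: map[string]ed25519.PublicKey{serial: pub}, seen: map[[32]byte]bool{}}
	return m, s
}

func main() {
	m, s := newDemo("SN-0001") // constructed serial number
	p10, idSign, err := m.Enroll("demo user")
	if err != nil {
		panic(err)
	}
	_, first := s.Verify(m.Serial, p10, idSign)
	_, second := s.Verify(m.Serial, p10, idSign)
	fmt.Println("first submission error:", first)
	fmt.Println("resubmission error:", second)
}
```

The checks run in a fixed order so that only a request that passed both signature checks is recorded in the replay table.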
Fig. 3 is a flowchart of another super counter-based electronic certificate downloading method according to an embodiment of the present invention. As shown in Fig. 3, the method may include:
Step 301: integrating multiple types of secure medium drivers of different manufacturers in the system in advance.
By integrating multiple types of secure medium drivers of different manufacturers, the super counter gains broader compatibility and can complete the downloading of electronic certificates for multiple types of security media.
Step 302: initializing the secure medium after detecting the secure medium access signal.
Step 303: determining the equipment type of the secure medium, and determining that the secure medium driver corresponding to the equipment type is normally installed.
At the same time, it can be detected whether the secure medium CSP is installed correctly, whether the secure medium can be communicated with and is available, and the like.
Step 304: initializing a password input by a user into the secure medium based on the secure medium driver corresponding to the device type, identifying the secure medium and acquiring a birth certificate of the secure medium.
Step 305: performing server signature verification of the security medium based on the password control.
Step 306: acquiring the electronic certificate data packet of the security medium sent by the server after the signature verification succeeds, generating an electronic certificate, and installing the electronic certificate data packet in the security medium.
Step 307: uploading the related information of the electronic certificate to a server so as to update the state of the electronic certificate.
With this super counter-based electronic certificate acquisition method, the whole process of acquiring the electronic certificate of the security medium is simple and quick. The method supports automatic identification and reading of security medium types from various manufacturers, has good compatibility and has a wide range of application.
In other implementations, the super counter-based electronic certificate downloading method may further include, after the uploading of the related information of the electronic certificate to the server: sending prompt information that downloading of the electronic certificate is complete. That is, the user is prompted that the electronic certificate of the secure medium has been downloaded and that the secure medium may be unplugged.
In a specific implementation of the super counter-based electronic certificate acquisition method, the super counter can integrate functions such as card opening, electronic bank signing, K-bank signing, automatic certificate downloading and automatic K-bank driver updating. The core point is high integration: after a customer finishes swiping the identity card, the super counter automatically determines the number of cards opened and the signing status of the card-opening customer, and the customer can complete the card opening, signing and certificate downloading processes through simple operations.
Fig. 4 is a schematic diagram of a complete business process of a user at a super counter according to an embodiment of the present invention, and the following example can be understood in conjunction with Fig. 4. After the customer takes the debit card and the K treasure (a security medium) automatically dispensed by the super counter, the customer inserts the K treasure into a USB port. The super counter initializes the K treasure, detects the equipment environment, checks the equipment type of the K treasure and determines whether the equipment driver is normal. It then detects the number of inserted K treasures: it first obtains the number M of K treasures, determines the number N of all inserted K treasures, prompts the customer to check for multiple K treasures if N > M or M > 1, prompts the customer to insert the K treasure, and prepares to download the certificate once detection is normal. First, the birth certificate of the K treasure is acquired, and the password of the K treasure is initialized into the K treasure. The K treasure is then called to generate a key pair, a public key certificate request P10 packet and an IDSign data packet for verifying the key are generated, the IDSign data packet is verified at the server, the CA is called to acquire the certificate P7 data packet, the applied-for certificate P7 packet is installed into the K treasure equipment, and the server is called to update the certificate state after the certificate is successfully generated. Apart from selecting the card type, the signing product and the medium type, and inserting the automatically issued K treasure into the USB port, the whole business process is completed by the super counter's automatic electronic certificate downloading system. The operation interfaces implemented by the super counter system are shown in Figs. 5, 6, 7, 8 and 9. The super counter system can support K treasures of different manufacturers; the manufacturers only need to adapt their drivers to the super counter system specifications.
For the foregoing method embodiments, for simplicity of explanation, the methodologies are shown as a series of acts, but one of ordinary skill in the art will appreciate that the present invention is not limited by the order of acts, as some steps may, in accordance with the present invention, occur in other orders or concurrently. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required for the present invention.
The method is described in detail in the embodiments disclosed in the present invention, and the method can be implemented by using various types of devices, so that the present invention also discloses a device, and specific embodiments are given below for details.
Fig. 10 is a schematic structural diagram of a super counter-based electronic certificate acquiring apparatus according to an embodiment of the present invention, and referring to fig. 10, the super counter-based electronic certificate acquiring apparatus 100 may include:
an initialization module 1001 is configured to initialize a secure medium after detecting a secure medium access signal.
An initialization processing module 1002, configured to identify the secure medium and obtain a birth certificate of the secure medium, and initialize a password input by a user into the secure medium.
A signature verification processing module 1003, configured to perform server signature verification of the security medium based on the password control.
The certificate processing module 1004 is configured to obtain an electronic certificate data packet of the secure medium sent by the server after verification of the signature, generate an electronic certificate, and install the electronic certificate data packet in the secure medium.
A certificate updating module 1005 is configured to upload information related to the electronic certificate to a server, so that the electronic certificate status is updated.
With the super counter-based electronic certificate acquiring device, after a user signs a contract at the super counter and obtains the security medium, the user only needs to insert the security medium and set a password. The super counter then automatically completes the interaction with the server, obtains the electronic certificate, and installs it on the security medium. The whole process is simple and quick, which greatly improves the efficiency of downloading the electronic certificate to the security medium and simplifies the operation flow.
Fig. 11 is a schematic structural diagram of a signature verification processing module disclosed in the embodiment of the present invention, and referring to fig. 11, a signature verification processing module 1003 may include:
A key generation module 1101, configured to invoke the secure medium and generate a key pair based on the password.
A data sending module 1102, configured to generate a public key certificate request P10 packet and an IDSign data packet for verifying the key, and send them to the server.
In the foregoing embodiment, the certificate processing module may specifically be configured to: acquire and install an electronic certificate P7 data packet obtained by the server from the CA according to the serial number of the security medium, and generate an electronic certificate.
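The P10 request, server-side check, P7 issuance and installation described in the Fig. 4 flow and in the signature verification and certificate processing modules above can be reproduced with the OpenSSL command line. The following is an added example, not code from the patent: the throwaway CA, file names and subject names are constructed, key files stand in for the key pair that a real secure medium keeps on the device, the IDSign packet is omitted because the patent does not define its format, and the public-key match before installation is an added check.

```shell
#!/bin/sh
# Added illustration: P10 -> server-side check -> P7 -> pre-install check.
# The throwaway CA, file names and subject names are constructed for the demo.
# A real secure medium keeps the private key on the token; key files stand in here.

# Secure medium side: generate a key pair and a PKCS#10 request (the "P10 packet").
make_key_and_p10() {    # $1 = key file, $2 = P10 file, $3 = subject CN
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
        -subj "/CN=$3" >/dev/null 2>&1
}

# Server side: the P10 must be signed by the private key matching the public
# key it carries. Match on the output text because older OpenSSL releases
# exit 0 even when this check fails.
p10_self_signature_ok() {    # $1 = P10 file
    openssl req -in "$1" -verify -noout 2>&1 | grep -q "verify OK"
}

# CA side: issue a certificate for the request and wrap it as PKCS#7 (the "P7 packet").
issue_p7() {    # $1 = P10, $2 = CA cert, $3 = CA key, $4 = output P7
    tmp_cert="$4.pem"
    openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -CAcreateserial \
        -days 1 -out "$tmp_cert" >/dev/null 2>&1 &&
    openssl crl2pkcs7 -nocrl -certfile "$tmp_cert" -out "$4"
}

# Counter side, before installing: the certificate inside the P7 must chain to
# the expected CA and carry the public key of the pair generated on this medium.
p7_fits_medium() {    # $1 = P7, $2 = medium key, $3 = CA cert
    leaf="$1.leaf.pem"
    openssl pkcs7 -in "$1" -print_certs | openssl x509 -out "$leaf" || return 1
    openssl verify -CAfile "$3" "$leaf" >/dev/null 2>&1 || return 1
    [ "$(openssl x509 -in "$leaf" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

enroll_demo() {    # runs the whole sequence in a scratch directory
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.pem" \
        -subj "/CN=Demo CA" -days 1 >/dev/null 2>&1 || return 1
    make_key_and_p10 "$d/medium.key" "$d/medium.p10" "demo-medium-0001" || return 1
    p10_self_signature_ok "$d/medium.p10" || return 2
    issue_p7 "$d/medium.p10" "$d/ca.pem" "$d/ca.key" "$d/medium.p7b" || return 3
    p7_fits_medium "$d/medium.p7b" "$d/medium.key" "$d/ca.pem" || return 4
    rm -rf "$d"
}

enroll_demo && echo "P7 accepted for installation"
```

A P7 issued for one medium is rejected by `p7_fits_medium` when checked against another medium's key, which is the failure a counter should surface before writing the certificate to the device.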
In other implementations, the super counter based electronic certificate downloading apparatus may further include: a driver integration module, configured to integrate in advance secure medium drivers of multiple types from different manufacturers in the system; and a driver detection module, configured to determine the device type of the secure medium before the initialization processing module acquires the birth certificate of the secure medium, and to determine that the secure medium driver corresponding to the device type is normally installed.
In other implementations, the super counter based electronic certificate downloading apparatus may further include: an information prompt module, configured to send prompt information indicating that downloading of the electronic certificate is complete after the certificate updating module uploads the information related to the electronic certificate to the server.
In the present specification, the embodiments are described in a progressive manner, each embodiment focusing on its differences from the other embodiments; for identical or similar parts, the embodiments may be referred to one another. Because the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief, and the relevant points can be found in the description of the method.
It is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A super counter-based electronic certificate acquisition method, wherein the method is applied to a super counter, the method comprising:
initializing the security medium after detecting the security medium access signal;
identifying the secure medium, acquiring a birth certificate of the secure medium, and initializing a password input by a user into the secure medium;
automatically controlling server signature verification of the secure medium based on the password;
acquiring an electronic certificate data packet of the security medium, which is sent by the server after verification of the signature, generating an electronic certificate, and installing the electronic certificate data packet in the security medium;
and uploading the related information of the electronic certificate to a server so as to update the state of the electronic certificate.
2. The super counter based electronic certificate downloading method as set forth in claim 1, wherein said controlling server signature verification of the secure medium based on the password comprises:
invoking the secure medium and generating a key pair based on the password;
generating a public key certificate request P10 packet and an IDSign data packet for verifying the key, and sending them to the server.
3. The super counter based electronic certificate downloading method as set forth in claim 1, wherein said acquiring and installing the electronic certificate data package of the secure medium comprises:
acquiring and installing an electronic certificate P7 data packet obtained by the server from the CA according to the serial number of the security medium.
4. The super counter based electronic certificate downloading method as set forth in claim 1, further comprising:
integrating in advance secure medium drivers of multiple types from different manufacturers in the system;
and, prior to said acquiring the birth certificate of the secure medium, further comprising:
determining the device type of the secure medium, and determining that the secure medium driver corresponding to the device type is normally installed.
5. The super counter-based electronic certificate downloading method as set forth in claim 1, further comprising, after said uploading said electronic certificate related information to a server:
sending prompt information indicating that downloading of the electronic certificate is complete.
6. An electronic certificate acquisition device based on super counter, comprising:
an initialization module, configured to initialize the secure medium after detecting the secure medium access signal;
an initial processing module, configured to identify the secure medium, acquire a birth certificate of the secure medium, and initialize a password input by a user into the secure medium;
a signature verification processing module, configured to automatically control server signature verification of the secure medium based on the password;
a certificate processing module, configured to acquire an electronic certificate data packet of the secure medium sent by the server after the signature verification succeeds, generate an electronic certificate, and install the electronic certificate data packet in the secure medium;
and a certificate updating module, configured to upload the related information of the electronic certificate to a server so as to update the state of the electronic certificate.
7. The super counter-based electronic certificate downloading apparatus as set forth in claim 6, wherein said signature verification processing module comprises:
a key generation module, configured to invoke the secure medium and generate a key pair based on the password;
and a data transmission module, configured to generate a public key certificate request P10 packet and an IDSign data packet for verifying the key, and to transmit them to the server.
8. The super counter-based electronic certificate downloading apparatus as set forth in claim 6, wherein said certificate processing module is specifically configured to: acquire and install an electronic certificate P7 data packet obtained by the server from the CA according to the serial number of the security medium, and generate an electronic certificate.
9. The super counter based electronic certificate downloading apparatus as set forth in claim 6, further comprising:
a driver integration module, configured to integrate in advance secure medium drivers of multiple types from different manufacturers in the system;
and a driver detection module, configured to determine the device type of the secure medium before the initial processing module acquires the birth certificate of the secure medium, and to determine that the secure medium driver corresponding to the device type is normally installed.
10. The super counter based electronic certificate downloading apparatus as set forth in claim 6, further comprising:
an information prompt module, configured to send prompt information indicating that downloading of the electronic certificate is complete after the certificate updating module uploads the information related to the electronic certificate to the server.
CN202010484601.XA 2020-06-01 2020-06-01 Electronic certificate downloading method and device based on super counter Active CN111641502B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010484601.XA CN111641502B (en) 2020-06-01 2020-06-01 Electronic certificate downloading method and device based on super counter

Publications (2)

Publication Number Publication Date
CN111641502A (en) 2020-09-08
CN111641502B (en) 2023-08-04

Family

ID=72331142

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010484601.XA Active CN111641502B (en) 2020-06-01 2020-06-01 Electronic certificate downloading method and device based on super counter

Country Status (1)

Country Link
CN (1) CN111641502B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101527714A (en) * 2008-12-31 2009-09-09 北京飞天诚信科技有限公司 Method, device and system for accreditation
CN206075401U (en) * 2016-09-29 2017-04-05 中国工商银行股份有限公司 A kind of sales counter information processing terminal

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101977193B (en) * 2010-10-28 2013-11-13 飞天诚信科技股份有限公司 Method and system for safely downloading certificate
CN203038373U (en) * 2012-12-03 2013-07-03 中国农业银行股份有限公司浙江省分行 Self-service electronic product contracting and card-sending integrated machine
CN107316381A (en) * 2016-09-29 2017-11-03 中国工商银行股份有限公司 A kind of sales counter information processing method, terminal and business handling system
WO2019178763A1 (en) * 2018-03-21 2019-09-26 福建联迪商用设备有限公司 Certificate importing method and terminal

Also Published As

Publication number Publication date
CN111641502A (en) 2020-09-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant