CN113242134A - Digital certificate signature method, device, system and storage medium - Google Patents

Digital certificate signature method, device, system and storage medium Download PDF

Info

Publication number
CN113242134A
CN113242134A CN202110497547.7A CN202110497547A CN113242134A CN 113242134 A CN113242134 A CN 113242134A CN 202110497547 A CN202110497547 A CN 202110497547A CN 113242134 A CN113242134 A CN 113242134A
Authority
CN
China
Prior art keywords
signature
certificate
user
mobile terminal
intelligent mobile
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110497547.7A
Other languages
Chinese (zh)
Other versions
CN113242134B (en
Inventor
陈洲
邹星驰
张志恒
费正宇
黄伊莹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guotai Epoint Software Co Ltd
Original Assignee
Guotai Epoint Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guotai Epoint Software Co Ltd filed Critical Guotai Epoint Software Co Ltd
Priority to CN202110497547.7A priority Critical patent/CN113242134B/en
Publication of CN113242134A publication Critical patent/CN113242134A/en
Application granted granted Critical
Publication of CN113242134B publication Critical patent/CN113242134B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application relates to a digital certificate signature method, a device, a system and a storage medium, comprising the following steps: scanning a two-dimensional code displayed by a client through a digital certificate APP installed on an intelligent mobile terminal, and acquiring signature identification information contained in the two-dimensional code, wherein the signature identification information indicates identity information of a user and a transaction center where the user is currently located; acquiring and displaying signature request data to indicate a user to trigger a confirmation signature; and receiving information for triggering and confirming the signature by the user according to the signature request data, and sending the information to the certificate server so as to enable the certificate server to carry out signature, and returning a signature result to the client. The problem that USBKey certificates of all places are incompatible and the use environment is harsh due to the fact that different USBKey and CA certificate suppliers are used by all places of an existing electronic transaction system can be solved.

Description

Digital certificate signature method, device, system and storage medium
Technical Field
The application relates to a digital certificate signature method, a device, a system and a storage medium, belonging to the technical field of computer network security.
Background
Digital certificates have a wide range of applications in network communication security, such as identity authentication, data integrity authentication, and data confidentiality enhancement, and are an indispensable part of network communication. The existing digital certificate storage modes are generally divided into two types, namely an intelligent password key and a soft certificate. The intelligent cipher key is usually a USB device with a CPU, and is connected to the computer through a USB interface. Soft certificates are typically stored in the form of files in a computer storage device or in a location designated by the operating system.
The electronic transaction bid and ask system generally stores the digital certificate in the USBKey, uses the USBKey as a storage medium of a CA certificate, and then realizes the functions of identity authentication, electronic signature and data signature verification, encryption and decryption and the like through the USBKey certificate.
CA organizations provide authentication services for electronic transaction systems in various places, and transaction centers in various places use different USBKey and CA certificate suppliers, so that the problems of incompatibility in various places, harsh use environment, high charging and the like are caused.
Disclosure of Invention
The application provides a digital certificate storage method and device taking a mobile phone as a medium and a storage medium, which can solve the problems that USBKey certificates of all places are incompatible and the use environment is harsh because different USBKey and CA certificate suppliers are used by transaction centers of all places in the existing electronic transaction system.
The application provides the following technical scheme:
the first aspect provides a digital certificate signing method, which is applied to an intelligent mobile terminal, and the method comprises the following steps:
scanning a two-dimensional code displayed by a client through a digital certificate APP installed on an intelligent mobile terminal, and acquiring signature identification information contained in the two-dimensional code, wherein the signature identification information indicates identity information of a user and a transaction center where the user is currently located;
acquiring and displaying signature request data to indicate a user to trigger a confirmation signature;
and receiving information for triggering and confirming the signature by the user according to the signature request data, and sending the information to the certificate server so as to enable the certificate server to carry out signature, and returning a signature result to the client.
Optionally, in an embodiment of the first aspect of the present application, the method further includes, at the step of installing, by the smart mobile terminal, the digital certificate APP:
generating a signature key pair and generating a certificate issuing request file;
adding a CA configuration item to the certificate issuing request file and sending the CA configuration item to a CA mechanism so as to request the CA mechanism to perform certificate issuing operation;
acquiring an encryption certificate issued by a CA (certificate authority);
decrypting the encrypted certificate to obtain a certificate file;
and installing and storing the certificate file.
Optionally, in an embodiment of the first aspect of the present application, the decrypting the encrypted certificate to obtain the certificate file includes:
asymmetrically decrypting the symmetric key corresponding to the encryption certificate to obtain a symmetric key;
symmetrically decrypting the encrypted private key encrypted by the symmetric secret key to obtain an encrypted private key;
and decrypting the encrypted certificate by using the encrypted private key to obtain a certificate file.
A second aspect provides a digital certificate signing method, which is applied to a certificate server, and the method includes:
acquiring a signature request sent by a client through a trading center, wherein the signature request comprises user identity information and the current trading center of a user;
generating a two-dimensional code according to the user identity information contained in the signature request and the current transaction center of the user, and sending the two-dimensional code to a client for display so that the intelligent mobile terminal scans the two-dimensional code to obtain signature identification information;
receiving signature identification information sent by an intelligent mobile terminal, and acquiring and returning signature request data to indicate the intelligent mobile terminal to confirm a signature according to the signature identification information, wherein the signature request data carries information of a file to be signed;
and after receiving signature confirmation information sent by the intelligent mobile terminal, digitally signing the file to be signed carried in the signature request data, and returning a signature result to the client.
A third aspect provides a digital certificate signing apparatus, which is applied to an intelligent mobile terminal, and the apparatus includes:
the system comprises a two-dimensional code acquisition module, a transaction center and a service center, wherein the two-dimensional code acquisition module is used for scanning a two-dimensional code displayed by a client through a digital certificate APP installed on an intelligent mobile terminal and acquiring signature identification information contained in the two-dimensional code, and the signature identification information indicates identity information of a user and the transaction center where the user is currently located;
the signature confirmation module acquires and displays the signature request data to indicate a user to trigger a signature confirmation;
and the signature receiving module is used for receiving the information that the user triggers and confirms the signature according to the signature request data, and sending the information to the certificate server so as to enable the certificate server to carry out signature, and returning a signature result to the client.
Optionally, in an embodiment of the third aspect of the embodiment of the present application, the apparatus further includes a certificate installation module, where the certificate installation module is configured to:
generating a signature key pair and generating a certificate issuing request file;
sending the certificate issuing request file to a CA (certificate Authority) mechanism by carrying a CA configuration item so as to request the CA mechanism to perform certificate issuing operation;
acquiring an encryption certificate issued by a CA (certificate authority);
decrypting the encrypted certificate to obtain a certificate file;
and installing and storing the certificate file.
A fourth aspect provides a digital certificate signing apparatus, applied to a certificate server, the apparatus comprising:
the request acquisition module is used for acquiring a signature request sent by a client through a trading center, wherein the signature request comprises user identity information and the current trading center of a user;
the two-dimension code generating module is used for generating a two-dimension code according to the user identity information contained in the signature request and the current transaction center of the user, and sending the two-dimension code to a client for displaying so that the intelligent mobile terminal scans the two-dimension code to obtain signature identification information;
the signature acquisition module is used for receiving signature identification information sent by the intelligent mobile terminal and acquiring and returning signature request data to indicate the intelligent mobile terminal to confirm the signature according to the signature identification information, wherein the signature request data carries information of a file to be signed;
and the signature module is used for carrying out digital signature on the file to be signed carried in the signature request data after receiving the signature confirmation information sent by the intelligent mobile terminal, and returning a signature result to the client.
A fifth aspect provides a digital certificate signing system, the system comprising a processor and a memory; the memory has stored therein a program that is loaded and executed by the processor to implement the steps of the digital certificate signing method of the first or second aspect.
A computer-readable storage medium, in which a program is stored, which program, when being executed by a processor, is adapted to carry out the steps of the digital certificate signing method according to the first or second aspect.
The beneficial effect of this application lies in: according to the method, the USBKey certificate is replaced by the mobile phone certificate, so that the simultaneous holding of a plurality of certificates is supported, the installation of a driver is abandoned, and the login, signature, encryption and decryption operations of the electronic transaction bidding system through the mobile phone are realized. The method has the advantages of seamless compatibility of multiple certificates, over-the-air certificate issuing, operation tracing, multi-browser support and the like.
The foregoing description is only an overview of the technical solutions of the present application, and in order to make the technical solutions of the present application more clear and clear, and to implement the technical solutions according to the content of the description, the following detailed description is made with reference to the preferred embodiments of the present application and the accompanying drawings.
Drawings
FIG. 1 is a schematic diagram of a network architecture implementing a signature method and apparatus provided by an embodiment of the present application;
FIG. 2 is a flow diagram of a signature method provided by one embodiment of the present application;
fig. 3 is a flowchart illustrating an installation of a data certificate by an intelligent mobile terminal according to an embodiment of the present application;
FIG. 4 is an overall architecture diagram of a digital certificate installation provided by one embodiment of the present application;
FIG. 5 is a flow diagram of a signature method provided by another embodiment of the present application;
FIG. 6 is a block diagram of a signature device provided by one embodiment of the present application;
fig. 7 is a block diagram of a signature apparatus according to another embodiment of the present application.
Fig. 8 is a block diagram of a signature system provided in another embodiment of the present application.
Detailed Description
The following detailed description of embodiments of the present application will be described in conjunction with the accompanying drawings and examples. The following examples are intended to illustrate the present application but are not intended to limit the scope of the present application.
First, the terms related to the present application will be explained:
asymmetric encryption and decryption, wherein the encryption and decryption keys are a pair and are divided into a public key and a private key, the public key can be completely disclosed, after the other party uses the public key to encrypt data, only the private party can decrypt a ciphertext, and the asymmetric encryption and decryption method is widely used in the aspects of data encryption and data signature.
Symmetric encryption and decryption are mainly used for encrypting a real-time data packet of a secure channel, and the encryption and the decryption both use the same secret key.
Fig. 1 is a schematic diagram of a network architecture capable of implementing the method and apparatus of the present application according to an embodiment of the present application, as shown in fig. 1, the architecture includes a client 1, an intelligent mobile terminal 2, a certificate server 3, a CA organization 4, and a transaction center 5.
The certificate server 3 establishes network connection with the intelligent mobile terminal 2 and the client 1 respectively, wherein the intelligent mobile terminal 2 is provided with a digital certificate APP, namely a new point certificate APP. The client 1 may be a PC. The certificate server 3 may be a server, a computer, or the like.
The client 1, namely the PC end, establishes network connection with the CA mechanism sequentially through the transaction center 5 and the certificate server 3. The intelligent mobile terminal 2 establishes network connection with the CA organization through the certificate server 3.
The specific embodiments of the devices included in the above network architecture will be described in detail below.
Fig. 2 is a digital certificate signing method according to an embodiment of the present application, and this embodiment takes the example that the method is applied to the intelligent mobile terminal shown in fig. 1, and an execution subject of each step is the intelligent mobile terminal. The method comprises the following steps:
s201, scanning the two-dimensional code displayed by the client through a digital certificate APP installed on the intelligent mobile terminal, and acquiring signature identification information contained in the two-dimensional code.
Specifically, the signature identification information of the present embodiment is used to indicate the identity information of the user and the transaction center where the user is currently located.
The present embodiment may trigger a signature request at the client (i.e., PC) by a user (e.g., a bidder), for example, clicking a "signature" button displayed by the client.
When the trading center receives the signature request of the client, the corresponding signature request is sent to the certificate server, and the certificate server generates the two-dimensional code according to the user identity information contained in the two-dimensional code request page and the current trading center (such as the trading center A) of the user.
The two-dimensional code is contained in the request page, sent to the client and displayed at the client.
This embodiment installs digital certificate APP at intelligent mobile terminal, for example, new point certificate passes through APP, passes through this new point certificate and passes through APP, scans the above-mentioned two-dimensional code of client show to acquire the signature identification information that the two-dimensional code contains.
S202: signature request data is retrieved and displayed to indicate to the user to trigger a confirmation of the signature.
Specifically, the signature request in this embodiment includes the file information to be signed, and prompts the user to confirm whether the information to be signed is incorrect and whether the signature is confirmed. The information of the file to be signed refers to the file to be signed requested by the user.
The intelligent mobile terminal scans the two-dimensional code through the digital certificate APP to obtain corresponding signature identification information, sends the signature identification information to the certificate server, the certificate server determines information such as specific bidder identities and transaction centers (such as a transaction center A and a transaction center B) where bidders are located according to the signature identification information, then sends corresponding signature request data to the intelligent mobile terminal, and asks a user to confirm whether to sign. The signature request data carries information of a file to be signed.
S203: and receiving information which is triggered by a user to confirm the signature according to the signature request, sending the information to the certificate server so as to enable the certificate server to carry out signature, and returning a signature result to the client.
Specifically, if the user confirms that the information contained in the file to be signed is correct, the user can click a 'confirm signature' button displayed on a signature request page of the intelligent mobile terminal, and then the signature result can be received at the client.
Fig. 3 is a flowchart of a method for applying and installing a certificate through an intelligent mobile terminal according to an embodiment of the present application, where the method in the embodiment of the present application uses the intelligent mobile terminal as an execution subject, and includes the following steps:
s301, generating a signature key pair and generating a certificate issuing request file.
Specifically, fig. 4 shows an overall framework diagram for installing a digital certificate, referring to fig. 4, in the embodiment of the present application, a digital certificate APP is installed in an intelligent mobile terminal, for example, a new point certificate APP, and the new point certificate APP communicates with a CA authority through a certificate server (new point certificate APP server) to apply for and install the digital certificate to the CA authority.
And generating a pair of signature key pairs in a key container of a new point certificate authority APP of the intelligent mobile terminal, generating a CSR (certificate signing request file), and initiating a certificate application.
The key pair generated by the intelligent mobile terminal is encrypted and then stored, and the key pair stored by the intelligent mobile terminal can only be used by the owner of the intelligent mobile terminal.
S302, adding a CA configuration item to the certificate issuing request file and sending the CA configuration item to a CA mechanism so as to request the CA mechanism to perform certificate issuing operation.
Specifically, the certificate signing request first arrives at the new point certificate authority server, and the new point certificate authority server initiates the certificate signing request to the CA gateway after adding the CA configuration item in the certificate signing request.
And the CA gateway adapts the request parameters according to the CA configuration item and initiates a certificate application to a specified CA organization.
S303, acquiring the encrypted certificate issued by the CA organization.
After receiving a certificate application of a user, a CA (certificate authority) mechanism generates an encryption key pair of a digital certificate to be issued, then symmetrically encrypts an encryption private key of the encryption key pair, asymmetrically encrypts the symmetrically encrypted symmetric private key, finally encrypts the key to generate a key protection structure, and issues the encryption certificate.
The issued encryption certificate firstly returns to the CA gateway, the CA gateway can perform key protection structure adaptation once, and then the issued encryption certificate returns to the new point certificate of the intelligent mobile terminal APP in sequence.
S304, the encrypted certificate is decrypted to obtain a certificate file.
Specifically, the intelligent mobile terminal decrypts the key protection structure by using a private key in the signature key pair in a key container of the new point certificate authority APP, obtains an encrypted private key and installs a certificate. The method specifically comprises the following steps:
carrying out asymmetric decryption on the encrypted certificate to obtain a symmetric key; symmetrically decrypting the encrypted private key according to the symmetric secret key to obtain an encrypted private key; and decrypting the encrypted certificate by using the encrypted private key to obtain a certificate file.
S305, installing and storing the certificate file.
Further, the user can initiate the application of certificates of a plurality of different CA authorities on the new point certificate authority APP, and the certificates of different CA authorities can be installed and used simultaneously.
Fig. 5 is a flowchart of a digital certificate signing method according to an embodiment of the present application, and this embodiment takes the example that the method is applied to the certificate server (new point certificate authority) 3 shown in fig. 1, and the execution subject of each step is the certificate server 3. The method at least comprises the following steps:
s501, a signature request sent by a client through a trading center is obtained, wherein the signature request comprises user identity information and the trading center where a user is currently located.
And S502, generating a two-dimensional code according to the user identity information contained in the signature request and the current transaction center of the user, and sending the two-dimensional code to a client for display so that the intelligent mobile terminal scans the two-dimensional code to obtain signature identification information.
S503, receiving the signature identification information sent by the intelligent mobile terminal, and according to the signature identification information, acquiring and returning signature request data to indicate the intelligent mobile terminal to confirm the signature, wherein the signature request data carries the information of the file to be signed.
S504: and after receiving signature confirmation information sent by the intelligent mobile terminal, digitally signing the file to be signed carried in the signature request data, and returning a signature result to the client.
Please refer to fig. 1-3, which are not repeated herein for a description of a relevant portion of the embodiment in which the certificate server is taken as an execution subject.
In summary, the application replaces the USBKey certificate with the mobile phone certificate, not only supports holding a plurality of certificates simultaneously, but also abandons the installation of the drive, and realizes the login, signature, encryption and decryption operations of the electronic transaction bidding system through the mobile phone. The method has the advantages of seamless compatibility of multiple certificates, over-the-air certificate issuing, operation tracing, multi-browser support and the like.
Fig. 6 is a block diagram of a digital certificate signing apparatus according to an embodiment of the present application, and this embodiment takes an example of applying the apparatus to an intelligent mobile terminal of the framework shown in fig. 1. The device at least comprises the following modules:
the system comprises a two-dimensional code acquisition module, a transaction center and a service center, wherein the two-dimensional code acquisition module is used for scanning a two-dimensional code displayed by a client through a digital certificate APP installed on an intelligent mobile terminal and acquiring signature identification information contained in the two-dimensional code, and the signature identification information indicates identity information of a user and the transaction center where the user is currently located;
the signature confirmation module acquires and displays the signature request data to indicate a user to trigger a signature confirmation;
and the signature receiving module is used for receiving the information that the user triggers and confirms the signature according to the signature request data, and sending the information to the certificate server so as to enable the certificate server to carry out signature, and returning a signature result to the client.
For relevant details reference is made to the above-described method embodiments.
Fig. 7 is a block diagram of a digital certificate signing apparatus according to another embodiment of the present application, and this embodiment takes the application of the apparatus to the certificate server of the framework shown in fig. 1 as an example for description. The device at least comprises the following modules:
the request acquisition module is used for acquiring a signature request sent by a client through a trading center, wherein the signature request comprises user identity information and the current trading center of a user;
the two-dimension code generating module is used for generating a two-dimension code according to the user identity information contained in the signature request and the current transaction center of the user, and sending the two-dimension code to a client for displaying so that the intelligent mobile terminal scans the two-dimension code to obtain signature identification information;
the signature acquisition module is used for receiving signature identification information sent by the intelligent mobile terminal and acquiring and returning signature request data to indicate the intelligent mobile terminal to confirm the signature according to the signature identification information, wherein the signature request data carries information of a file to be signed;
and the signature module is used for carrying out digital signature on the file to be signed carried in the signature request data after receiving the signature confirmation information sent by the intelligent mobile terminal, and returning a signature result to the client.
It should be noted that: in the above two embodiments, the division of the functional modules is merely used as an example to illustrate when signing, and in practical applications, the above functions may be distributed by different functional modules according to needs, that is, the internal structure of the digital certificate signing apparatus of the electronic transaction bidding system is divided into different functional modules to complete all or part of the above described functions. In addition, the digital certificate signing device of the electronic transaction bidding system and the digital certificate signing method embodiment of the electronic transaction bidding system provided by the above embodiments belong to the same concept, and the specific implementation process thereof is detailed in the method embodiment and will not be described herein again.
Fig. 8 is a block diagram of a digital certificate signing system according to an embodiment of the present application, where the system may be: a smartphone, a tablet, a laptop, a desktop, or a server. The system may also be referred to as a user equipment, a portable terminal, a laptop terminal, a desktop terminal, a control terminal, etc., which is not limited in this embodiment. The system includes at least a processor and a memory.
The processor may include one or more processing cores, such as: 4 core processors, 6 core processors, etc. The processor may be implemented in at least one hardware form of a DSP (Digital Signal Processing), an FPGA (Field-Programmable gate Array), and a PLA (Programmable Logic Array). The processor may also include a main processor and a coprocessor, where the main processor is a processor for Processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content that the display screen needs to display. In some embodiments, the processor may further include an AI (Artificial Intelligence) processor for processing computing operations related to machine learning.
The memory may include one or more computer-readable storage media, which may be non-transitory. The memory may also include high speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In some embodiments, a non-transitory computer-readable storage medium in memory is used to store at least one instruction for execution by a processor to implement the digital certificate signing method provided by method embodiments herein.
In some embodiments, optionally, the digital certificate signing system further includes: a peripheral interface and at least one peripheral. The processor, memory and peripheral interface may be connected by bus or signal lines. Each peripheral may be connected to the peripheral interface via a bus, signal line, or circuit board. Illustratively, peripheral devices include, but are not limited to: radio frequency circuit, touch display screen, audio circuit, power supply, etc.
Of course, the digital certificate signing system may also include fewer or more components, which is not limited by the embodiment.
Optionally, the present application further provides a computer-readable storage medium, in which a program is stored, and the program is loaded and executed by a processor to implement the digital certificate signing method of the above method embodiment.
Optionally, the present application further provides a computer product, which includes a computer-readable storage medium, in which a program is stored, and the program is loaded and executed by a processor to implement the digital certificate signing method of the above-mentioned method embodiment.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (9)

1. A digital certificate signature method is applied to an intelligent mobile terminal, and is characterized by comprising the following steps:
scanning a two-dimensional code displayed by a client through a digital certificate APP installed on an intelligent mobile terminal, and acquiring signature identification information contained in the two-dimensional code, wherein the signature identification information indicates identity information of a user and a transaction center where the user is currently located;
acquiring and displaying signature request data to indicate a user to trigger a confirmation signature;
and receiving information for triggering and confirming the signature by the user according to the signature request data, and sending the information to the certificate server so as to enable the certificate server to carry out signature, and returning a signature result to the client.
2. The method of claim 1, wherein: the method further comprises the following steps of installing the digital certificate APP through the intelligent mobile terminal:
generating a signature key pair and generating a certificate issuing request file;
adding a CA configuration item to the certificate issuing request file and sending the CA configuration item to a CA mechanism so as to request the CA mechanism to perform certificate issuing operation;
acquiring an encryption certificate issued by a CA (certificate authority);
decrypting the encrypted certificate to obtain a certificate file;
and installing and storing the certificate file.
3. The method of claim 2, wherein: the decrypting the encrypted certificate to obtain a certificate file includes:
asymmetrically decrypting the symmetric key corresponding to the encryption certificate to obtain a symmetric key;
symmetrically decrypting the encrypted private key encrypted by the symmetric secret key to obtain an encrypted private key;
and decrypting the encrypted certificate by using the encrypted private key to obtain a certificate file.
4. A digital certificate signature method is applied to a certificate server side, and is characterized by comprising the following steps:
acquiring a signature request sent by a client through a trading center, wherein the signature request comprises user identity information and the current trading center of a user;
generating a two-dimensional code according to the user identity information contained in the signature request and the current transaction center of the user, and sending the two-dimensional code to a client for display so that the intelligent mobile terminal scans the two-dimensional code to obtain signature identification information;
receiving signature identification information sent by an intelligent mobile terminal, and acquiring and returning signature request data to indicate the intelligent mobile terminal to confirm a signature according to the signature identification information, wherein the signature request data carries information of a file to be signed;
and after receiving signature confirmation information sent by the intelligent mobile terminal, digitally signing the file to be signed carried in the signature request data, and returning a signature result to the client.
5. The utility model provides a digital certificate signature device, is applied to intelligent Mobile terminal, its characterized in that, the device includes:
the system comprises a two-dimensional code acquisition module, a transaction center and a service center, wherein the two-dimensional code acquisition module is used for scanning a two-dimensional code displayed by a client through a digital certificate APP installed on an intelligent mobile terminal and acquiring signature identification information contained in the two-dimensional code, and the signature identification information indicates identity information of a user and the transaction center where the user is currently located;
the signature confirmation module acquires and displays the signature request data to indicate a user to trigger a signature confirmation;
and the signature receiving module is used for receiving the information that the user triggers and confirms the signature according to the signature request data, and sending the information to the certificate server so as to enable the certificate server to carry out signature, and returning a signature result to the client.
6. The digital certificate signing apparatus of claim 5, further comprising a certificate installation module, the certificate installation module configured to:
generating a signature key pair and generating a certificate issuing request file;
adding a CA configuration item to the certificate issuing request file and sending the CA configuration item to a CA mechanism so as to request the CA mechanism to perform certificate issuing operation;
acquiring an encryption certificate issued by a CA (certificate authority);
decrypting the encrypted certificate to obtain a certificate file;
and installing and storing the certificate file.
7. A digital certificate signing apparatus, applied to a certificate server, the apparatus comprising:
the request acquisition module is used for acquiring a signature request sent by a client through a trading center, wherein the signature request comprises user identity information and the current trading center of a user;
the two-dimension code generating module is used for generating a two-dimension code according to the user identity information contained in the signature request and the current transaction center of the user, and sending the two-dimension code to a client for displaying so that the intelligent mobile terminal scans the two-dimension code to obtain signature identification information;
the signature acquisition module is used for receiving signature identification information sent by the intelligent mobile terminal and acquiring and returning signature request data to indicate the intelligent mobile terminal to confirm the signature according to the signature identification information, wherein the signature request data carries information of a file to be signed;
and the signature module is used for carrying out digital signature on the file to be signed carried in the signature request data after receiving the signature confirmation information sent by the intelligent mobile terminal, and returning a signature result to the client.
8. A digital certificate signing system, the system comprising a processor and a memory; the memory has stored therein a program that is loaded and executed by the processor to implement the steps of the digital certificate signing method of any one of claims 1 to 3 or claim 4.
9. A computer-readable storage medium, characterized in that the storage medium has stored therein a program for implementing the steps of the digital certificate signing method according to any one of claims 1 to 3 or claim 4 when executed by a processor.
CN202110497547.7A 2021-05-08 2021-05-08 Digital certificate signing method, device, system and storage medium Active CN113242134B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110497547.7A CN113242134B (en) 2021-05-08 2021-05-08 Digital certificate signing method, device, system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110497547.7A CN113242134B (en) 2021-05-08 2021-05-08 Digital certificate signing method, device, system and storage medium

Publications (2)

Publication Number Publication Date
CN113242134A true CN113242134A (en) 2021-08-10
CN113242134B CN113242134B (en) 2023-07-04

Family

ID=77132328

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110497547.7A Active CN113242134B (en) 2021-05-08 2021-05-08 Digital certificate signing method, device, system and storage medium

Country Status (1)

Country Link
CN (1) CN113242134B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114760070A (en) * 2022-04-22 2022-07-15 深圳市永达电子信息股份有限公司 Digital certificate issuing method, digital certificate issuing center and readable storage medium
CN115277125A (en) * 2022-07-13 2022-11-01 南京国电南自电网自动化有限公司 Bidirectional credible safe transformer substation remote control method and system thereof
CN115514526A (en) * 2022-08-19 2022-12-23 广东省电子商务认证有限公司 Method and system for using drive-free mobile digital certificate
CN116827542A (en) * 2023-08-29 2023-09-29 江苏省国信数字科技有限公司 Digital certificate management method and system of intelligent device
CN118487878A (en) * 2024-07-16 2024-08-13 蔚来汽车科技(安徽)有限公司 Digital certificate acquisition method, vehicle, storage medium and computer device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105323062A (en) * 2014-06-03 2016-02-10 北京收付宝科技有限公司 Mobile terminal digital certificate electronic signature method
CN106845986A (en) * 2017-01-12 2017-06-13 方欣科技有限公司 The signature method and system of a kind of digital certificate
CN109831308A (en) * 2019-02-27 2019-05-31 上海棕榈电脑系统有限公司 Digital signature authentication method, storage medium and equipment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105323062A (en) * 2014-06-03 2016-02-10 北京收付宝科技有限公司 Mobile terminal digital certificate electronic signature method
CN106845986A (en) * 2017-01-12 2017-06-13 方欣科技有限公司 The signature method and system of a kind of digital certificate
CN109831308A (en) * 2019-02-27 2019-05-31 上海棕榈电脑系统有限公司 Digital signature authentication method, storage medium and equipment

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114760070A (en) * 2022-04-22 2022-07-15 深圳市永达电子信息股份有限公司 Digital certificate issuing method, digital certificate issuing center and readable storage medium
CN115277125A (en) * 2022-07-13 2022-11-01 南京国电南自电网自动化有限公司 Bidirectional credible safe transformer substation remote control method and system thereof
CN115277125B (en) * 2022-07-13 2024-02-13 南京国电南自电网自动化有限公司 Substation remote control method and system with bidirectional credibility and safety
CN115514526A (en) * 2022-08-19 2022-12-23 广东省电子商务认证有限公司 Method and system for using drive-free mobile digital certificate
CN116827542A (en) * 2023-08-29 2023-09-29 江苏省国信数字科技有限公司 Digital certificate management method and system of intelligent device
CN116827542B (en) * 2023-08-29 2023-11-07 江苏省国信数字科技有限公司 Digital certificate management method and system of intelligent device
CN118487878A (en) * 2024-07-16 2024-08-13 蔚来汽车科技(安徽)有限公司 Digital certificate acquisition method, vehicle, storage medium and computer device

Also Published As

Publication number Publication date
CN113242134B (en) 2023-07-04

Similar Documents

Publication Publication Date Title
CN113242134B (en) Digital certificate signing method, device, system and storage medium
CN110278078B (en) Data processing method, device and system
CN109547471B (en) Network communication method and device
CN110661748B (en) Log encryption method, log decryption method and log encryption device
CN106611310B (en) Data processing method, wearable electronic device and system
CN111464295B (en) Bank card making method and device
CN109660534B (en) Multi-merchant-based security authentication method and device, electronic equipment and storage medium
CN204360381U (en) mobile device
CN110611657A (en) File stream processing method, device and system based on block chain
CN111274611A (en) Data desensitization method, device and computer readable storage medium
CN112507296B (en) User login verification method and system based on blockchain
CN114465803A (en) Object authorization method, device, system and storage medium
CN111931209A (en) Contract information verification method and device based on zero knowledge certification
CN113674456A (en) Unlocking method, unlocking device, electronic equipment and storage medium
CN111030827A (en) Information interaction method and device, electronic equipment and storage medium
TW201712590A (en) A cloud encryption system and method
CN112839013B (en) Key transmission method, device and computer readable storage medium
CN112636916A (en) Data processing method, data processing device, storage medium and electronic equipment
CN113378119A (en) Software authorization method, device, equipment and storage medium
EP4016921A1 (en) Certificate management method and apparatus
CN115378592A (en) Password service calling method and system
CN109120576B (en) Data sharing method and device, computer equipment and storage medium
CN105022965A (en) Data encryption method and apparatus
CN112464270A (en) Bidding file encryption and decryption method, equipment and storage medium
CN111010283B (en) Method and apparatus for generating information

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant