CN1725682A - Method for using temporary digital certificate in mobile certificates - Google Patents


Publication number
CN1725682A
Authority
CN
China
Prior art keywords
certificate
client
key
digital certificate
digital
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200410050846
Other languages
Chinese (zh)
Other versions
CN100531033C (en)
Inventor
(Inventor name not disclosed)
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZHAOSHANG BANK CO Ltd
China Merchants Bank Co Ltd
Original Assignee
ZHAOSHANG BANK CO Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZHAOSHANG BANK CO Ltd
Priority to CNB2004100508462A
Publication of CN1725682A
Application granted
Publication of CN100531033C
Active
Anticipated expiration

Abstract

A method of using a temporary digital certificate in mobile certificates, comprising: a step in which, when the user at a client sends a certificate request to the CA, the client program signs the certificate request with the client's own key, producing a temporary digital certificate; a step in which the client writes the temporary certificate to the certificate carrier carried by the user; and a step in which, when the user obtains the signed digital certificate at a different client, the client program enumerates the certificates in the certificate carrier and uses the temporary certificate to open the corresponding key.

Description

Method for using a temporary digital certificate in mobile certificates
Technical field
The present invention relates to methods of using digital certificates and, more particularly, to a method of using a temporary digital certificate when working with mobile certificates. It belongs to the field of computer and information security technology.
Background technology
Authentication is the technique by which, when a user enters a system or accesses system resources of different protection levels, the system confirms whether the user's identity is genuine, legitimate and unique. The most widely used authentication methods at present are password-based and certificate-based. Certificate-based authentication is one of the basic security services provided by public key infrastructure (PKI). Based on asymmetric public-key technology, PKI uses digital certificates to bind a user's natural identity to public-key digital information, uniquely representing the user's identity across network applications.
A digital certificate establishes the link between a user's natural identity and digital information and makes it possible to authenticate that natural identity, but authentication based entirely on certificates requires a certificate-verification mechanism on the system's server side. The user therefore goes through a series of steps: creating a key; submitting a certificate request to the certificate authority (CA); the CA checking the request and producing a digital signature over the key, user information and other data in it; and finally the client downloading the CA-issued digital certificate from the server. This process takes time. In particular, the time the CA needs to check the request and issue the certificate cannot be determined and is often several minutes to hours, and this does not yet include delays caused by reviewing customer information, such as credit rating, when issuing a certificate to the customer. The user usually cannot wait at the same client for that long and will instead download the CA-issued certificate from the server at another client after some time, such as several days. The download requires verification against the key information, but the information used to open the key is stored on the first client, so the key cannot be found at the current client and the client reports an error.
The usual solution is to shorten the certificate issuance time: the CA uses faster encryption devices, and certificate requests are transmitted and processed with higher priority, so that the delay stays reliably within a range the user can tolerate. But for an operator with a large number of certificate customers, with thousands of certificate requests and certificate updates every day, and especially when many requests are concurrent, this cannot be guaranteed.
Summary of the invention
In view of the above problem, the object of the invention is to provide a method in which a client program produces a temporary digital certificate for the user to carry, for example on a USB KEY. Whichever client the user goes to, the corresponding key can be found and opened through the temporary certificate, so that the digital certificate issued by the CA can be downloaded.
The invention achieves this object through the following technical solution. The method of using a temporary digital certificate in mobile certificates comprises: a step in which, when the user at a client sends a certificate request to the certificate authority (CA), the client program immediately signs the certificate request with the client's own key or a fixed key, producing a temporary digital certificate, and a step in which the client writes the temporary certificate to the user's portable certificate carrier; and a step in which, when the user downloads at a different client the digital certificate that the CA issued by producing a digital signature after checking the certificate request, the client program enumerates the one or more certificates in the certificate carrier, finds the temporary certificate, and opens the corresponding key.
The customer's certificate carrier can be a USB KEY, an IC card and IC card reader/writer combination, or another carrier.
By using a temporary digital certificate, the invention effectively solves the problem that arises when the delay in CA issuance leads the customer to download the digital certificate at a different location: the corresponding key cannot be opened there, so the digital certificate cannot be downloaded and used.
The invention is described in detail below with reference to the drawing and an embodiment.
Description of drawings
Fig. 1 is a schematic flow chart of applying for and downloading a digital certificate according to the method of the invention.
Embodiment
The following describes an application example of the method. An experimental private banking system that uses a USB KEY as the certificate carrier employs the temporary certificate mechanism to guarantee that whenever the USB KEY is inserted into any computer, the application can access the key in the USB KEY.
Because a USB KEY can be regarded as the combination of an IC card and an IC card reader/writer, "card" and "KEY" below refer to the same product.
This example uses a USB KEY from G&D. The steps for creating the key, signing the certificate and downloading the certificate are as follows:
1) First create a key container, for example a container named "PB";
2) Create an RSA public and private key pair in the container, then generate a certificate request for the RSA public key. After the certificate authority (CA) checks the certificate request, it produces a digital signature over the RSA public key, the user name and the other information in the request; the public key, the user information and the CA's digital signature together constitute a digital certificate;
3) Open container PB and read the RSA public key;
4) Submit the certificate request containing the RSA public key and the user information;
5) Wait, then download the CA-issued digital certificate from the server, open container PB, find the corresponding key and compare it, and write the digital certificate to the corresponding container;
6) Certificate use stage: enumerate the certificates in the KEY (the KEY can hold several certificates) and find the certificate to be used. This certificate has the same internal ID as the RSA public key and private key, so the key is found through it.
Between steps 4) and 5), because the certificate issuance delay cannot be determined (it can be several minutes to hours), the user may move to another computer, or come back only two days later, to complete step 5).
The problem is that the keys in the USB KEY, public and private, are identified by the same ID, but this identifier is used inside the card and is not the container name "PB"; the information about container PB is stored only on the computer. Suppose the user completes steps 1) to 4) on computer A and a day later takes the USB KEY to a new computer B to perform step 5), downloading the certificate. Computer B has no information about container PB, so the program on computer B cannot access the key in the KEY and has only two choices: report an error (key not found), or create a new container PB and another key pair. In the latter case the new key in the new container PB in the KEY does not match the digital certificate issued by the CA (that certificate was issued for the previous key pair and contains the previous key pair's information), so the certificate download fails.
To solve this problem, in step 4) the client program produces a temporary digital certificate. The process is as follows: the client program signs the certificate request with its own key or a fixed key, producing a temporary certificate. This certificate is not issued by China Merchants Bank and is therefore not a valid certificate. It is written to the USB KEY.
Once the temporary digital certificate has been written to the USB KEY, whichever computer the user takes the USB KEY to, the corresponding key can be found and opened through the temporary certificate, and the certificate download of step 5) can be completed. The method of finding and opening the corresponding key through the temporary certificate is as follows. During the certificate download stage, the temporary certificate cannot be used to log in to the online banking system. The user initiates a download request and the bank server passes the issued certificate to the client. The client computer enumerates the certificates in the KEY (the KEY can hold several certificates) and finds the temporary certificate produced earlier. This certificate has the same internal ID as the RSA public key and private key, so the key is found through it. After the comparison, the certificate is written to the USB KEY, replacing the temporary certificate.
When the CA-issued digital certificate is used, the program enumerates the certificates in the KEY (the KEY can hold several certificates) and finds the certificate to be used. This certificate has the same internal ID as the RSA public key and private key, so the key is found through it and can then be used for operations such as signing and encryption.
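The roaming failure and the temporary-certificate lookup described above, modelled in Python as an added example (it is not code from the patent). The `Token`, `Computer` and `Cert` types, the issuer labels and all function names are hypothetical, a random byte string stands in for the RSA public key, and the internal ID is assumed to be assigned by the client program.

```python
import hashlib, os
from dataclasses import dataclass, field

TEMP_ISSUER = "client-program (temporary)"   # assumed label for the self-issued certificate
CA_ISSUER = "Bank CA"                        # placeholder CA name

@dataclass
class Cert:
    issuer: str
    subject: str
    public_key: bytes
    key_id: str            # internal ID shared with the key pair on the token

@dataclass
class Token:               # the USB KEY: keys and certificates live here
    keys: dict = field(default_factory=dict)    # key_id -> public key
    certs: list = field(default_factory=list)

@dataclass
class Computer:            # container names such as "PB" are known only locally
    containers: dict = field(default_factory=dict)   # name -> key_id

def apply_for_cert(pc, token, subject, write_temp_cert=True):
    """Steps 1-4 on computer A: create container and key, submit the request."""
    public_key = os.urandom(32)                  # constructed stand-in for an RSA public key
    key_id = hashlib.sha256(public_key).hexdigest()[:16]
    token.keys[key_id] = public_key
    pc.containers["PB"] = key_id
    if write_temp_cert:                          # the patent's addition to step 4
        token.certs.append(Cert(TEMP_ISSUER, subject, public_key, key_id))
    return {"subject": subject, "public_key": public_key}

def ca_issue(request):
    """CA side: the token's internal ID is unknown here, so none is set."""
    return Cert(CA_ISSUER, request["subject"], request["public_key"], key_id="")

def download_cert(pc, token, issued):
    """Step 5 on any computer: locate the key, compare, store the certificate."""
    key_id = pc.containers.get("PB")             # present only on the original computer
    if key_id is None:                           # roaming: enumerate certs on the token
        temp = next((c for c in token.certs if c.issuer == TEMP_ISSUER
                     and c.subject == issued.subject), None)
        if temp is None:
            raise LookupError("cannot find key")
        key_id = temp.key_id
    if token.keys.get(key_id) != issued.public_key:
        raise ValueError("issued certificate does not match key on token")
    issued.key_id = key_id                       # bind certificate to the key's internal ID
    token.certs = [c for c in token.certs
                   if not (c.issuer == TEMP_ISSUER and c.key_id == key_id)] + [issued]
    return key_id

def can_login(cert):
    """Rule from the text: a temporary certificate never authenticates."""
    return cert.issuer == CA_ISSUER
```

The comparison in `download_cert` is the check that keeps a certificate issued for a different key pair from being stored against this key, and `can_login` reflects the requirement that the self-issued certificate serves only as a locator.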

Claims (2)

1. A method of using a temporary digital certificate in mobile certificates, characterized in that it comprises the following steps:
a step in which, when the user at a client sends a certificate request to the certificate authority (CA), the client program immediately signs the certificate request with the client's own key or a fixed key, producing a temporary digital certificate, and a step in which the client writes the temporary certificate to the user's portable certificate carrier;
a step in which, when the user downloads at a different client the digital certificate that the CA issued by producing a digital signature after checking said certificate request, the client program enumerates the one or more certificates in said certificate carrier, finds said temporary certificate, and opens the corresponding key.
2. The method of using a temporary digital certificate in mobile certificates according to claim 1, characterized in that said certificate carrier can be a USB KEY, an IC card and IC card reader/writer combination, or another carrier.
CNB2004100508462A 2004-07-23 2004-07-23 Method for using temporary digital certificate in mobile certificates Active CN100531033C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100508462A CN100531033C (en) 2004-07-23 2004-07-23 Method for using temporary digital certificate in mobile certificates

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2004100508462A CN100531033C (en) 2004-07-23 2004-07-23 Method for using temporary digital certificate in mobile certificates

Publications (2)

Publication Number Publication Date
CN1725682A true CN1725682A (en) 2006-01-25
CN100531033C CN100531033C (en) 2009-08-19

Family

ID=35924936

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100508462A Active CN100531033C (en) 2004-07-23 2004-07-23 Method for using temporary digital certificate in mobile certificates

Country Status (1)

Country Link
CN (1) CN100531033C (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101442407B (en) * 2007-11-22 2011-05-04 杭州中正生物认证技术有限公司 Method and system for identification authentication using biology characteristics
CN105678179A (en) * 2014-11-20 2016-06-15 广东华大互联网股份有限公司 Issuing method of IC card internet terminal and management system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101442407B (en) * 2007-11-22 2011-05-04 杭州中正生物认证技术有限公司 Method and system for identification authentication using biology characteristics
CN105678179A (en) * 2014-11-20 2016-06-15 广东华大互联网股份有限公司 Issuing method of IC card internet terminal and management system
CN105678179B (en) * 2014-11-20 2018-11-13 广东华大互联网股份有限公司 A kind of IC card internet terminal distributing method and management system

Also Published As

Publication number Publication date
CN100531033C (en) 2009-08-19

Similar Documents

Publication Publication Date Title
JP7090800B2 (en) Distributed document and entity validation engine
CN107888382B (en) A kind of methods, devices and systems of the digital identity verifying based on block chain
CN110383752B (en) Compact recording protocol
US11838425B2 (en) Systems and methods for maintaining decentralized digital identities
CN111080295B (en) Electronic contract processing method and device based on blockchain
CN110049066B (en) Resource access authorization method based on digital signature and block chain
AU2021201603B2 (en) Watermark security
CN108900305B (en) Multi-certificate issuing and verifying method based on intelligent security chip
CN110677376B (en) Authentication method, related device and system and computer readable storage medium
EP3590223A1 (en) Integrated method and device for storing and sharing data
JP2018533320A (en) Data verification method and system using hash tree such as Merkle hash tree centered on time
CN100593921C (en) Time stamp service system and checking server for time stamp information and computer software
CN108009445B (en) Semi-centralized trusted data management system
Al-Khouri PKI in government digital identity management systems
CN109981588B (en) Data transaction service processing method and system based on block chain
CN102298756A (en) Method for ensuring security of computer lottery trade information
CN114584290A (en) Post-quantum certificate binding
CN109670289A (en) A kind of method and system identifying background server legitimacy
CN106529216B (en) Software authorization system and software authorization method based on public storage platform
JP5431804B2 (en) Authentication system and authentication method
CN100531033C (en) Method for using temporary digital certificate in mobile certificates
Saramago et al. A tree-based construction for verifiable diplomas with issuer transparency
CN110535663A (en) A kind of realization method and system of the trusted timestamp service based on block chain
CN115001805B (en) Single sign-on method, device, equipment and storage medium
CN102546573A (en) Safety information interactive system and method based on internet

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant