CN1725684A - Digital certificate safety protection method - Google Patents


Info

Publication number
CN1725684A
Authority
CN
China
Prior art keywords
certificate
digital certificate
module
security protection
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200410050847
Other languages
Chinese (zh)
Other versions
CN100581105C (en)
Inventor
(Inventor requested that their name not be disclosed)
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZHAOSHANG BANK CO Ltd
China Merchants Bank Co Ltd
Original Assignee
ZHAOSHANG BANK CO Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZHAOSHANG BANK CO Ltd
Priority to CN200410050847A
Publication of CN1725684A
Application granted
Publication of CN100581105C
Legal status: Active (current)
Anticipated expiration

Abstract

A method for protecting the security of a digital certificate includes a certificate backup step, which includes a step of setting up identity verification, and a certificate restoration step, which includes an identity verification step. The identity verification step can use a question-and-answer mode or a real-time identity verification mode.

Description

Digital certificate security protection method
Technical field
The present invention relates to a method for protecting the security of network services, and in particular to a method for the security protection of digital certificates.
Background art
On the Internet, user identity can be identified by means such as user name plus password (ID+Password), digital certificates, and dynamic password cards. For bank users, the information or devices for these identification means are all set up at, and obtained from, the bank counter or a customer manager.
In a system that uses digital certificates to identify users, the first client terminal (computer) must go through a server authentication step, that is, activate and obtain a digital certificate, when using the professional-edition software. When the user uses this professional-edition software on other client terminals, the digital certificate of the first client terminal must be backed up and then restored into the professional-edition software there. The professional-edition software applies multiple complex encryption transformations to protect local data. For an attacker, stealing the user's digital certificate backup file and its protection password and then performing the certificate recovery operation is much easier than decrypting local data that is distributed in many places and protected by multiple computations.
Summary of the invention
The technical problem to be solved by the present invention is to provide a digital certificate security protection method that strengthens the protection of the digital certificate in the digital certificate authentication mode.
The technical solution of the present invention is a digital certificate security protection method comprising a certificate backup step and a certificate recovery step, wherein the certificate backup step includes an identity-verification setup step and the certificate recovery step includes an identity verification step. The identity-verification setup step includes a step in which the certificate backup module sets questions and answers for identity verification and stores the questions and answers in the memory at the server end. The identity verification step includes the following steps: the security verification module at the server end selects a question for identity verification stored in the memory; the certificate recovery module of the client terminal answers the verification question through the human-computer interaction interface; the security verification module at the server end verifies the answer by comparing it with the verification answer stored in the memory; and, if verification passes, the certificate recovery module of the client terminal performs certificate recovery.
In the above digital certificate security protection method, more than one question is set in the identity-verification setup step.
In the above digital certificate security protection method, the step of selecting the identity verification question first selects the question that was last answered incorrectly, a question that has never been asked, or the question with the longest time interval.
The present invention also provides a digital certificate security protection method comprising a certificate backup step and a certificate recovery step, wherein the certificate backup step includes an identity-verification setup step and the certificate recovery step includes an identity verification step. The identity verification step includes the following steps: the security verification module at the server end generates an identity validation number; the security verification module at the server end, according to the user information stored in the memory, sends the identity validation number through the SMS platform to the mobile phone registered by the user; the certificate recovery module of the user terminal receives input of the identity validation number through the human-computer interaction interface; and, if verification passes, the certificate recovery module of the client terminal performs certificate recovery.
The present invention also provides a digital certificate security protection method comprising a certificate backup step and a certificate recovery step, wherein the certificate backup step includes an identity-verification setup step and the certificate recovery step includes an identity verification step. The identity verification step includes the following steps: the security verification module at the server end generates an identity validation number; the security verification module at the server end, according to the user information stored in the memory, sends the identity validation number via the registered telephone stored in the memory; the certificate recovery module of the user terminal receives input of the identity validation number through the human-computer interaction interface; and, if verification passes, the certificate recovery module of the client terminal performs certificate recovery.
In the above digital certificate security protection method, the identity verification step further includes a step in which the security verification module queries the user information stored in the memory to verify the fixed-line telephone number.
The digital certificate security protection method of the present invention can prevent the security risks caused by theft of a digital certificate in the digital certificate authentication mode, and improves security during digital certificate recovery.
Description of the drawings
Fig. 1 is a system structure diagram of the digital certificate security protection method of the present invention.
Fig. 2 is a flow chart of digital certificate backup in the digital certificate security protection method of the present invention.
Fig. 3 is a flow chart of digital certificate recovery in the digital certificate security protection method of the present invention.
Embodiment
As shown in Fig. 1, the system server 11 is generally located at a remote service end, for example in a bank; it stores system data and provides system services such as security verification. The SMS platform 12 is connected to the system server 11 and can send verification information from the system server 11 to the mobile phone 13. The customer service telephone system 14 is also connected to the system server 11. The user can send a verification request to the system server 11 via the customer service telephone system 14 from the fixed-line telephone 15. After responding to the request, the system server 11 sends the verification information to the customer's fixed-line telephone 15 through the customer service telephone system 14. The user terminal 16 provides the user with an operating platform and implements specific functions by interacting with the server system; there can be multiple user terminals 16 (only one is shown in Fig. 1).
The user terminal 16 comprises a human-computer interaction interface 163, a certificate backup module 162, a certificate recovery module 163 and a communication interface 161. The human-computer interaction interface 163 provides the user with an operation interface through which the user can enter specific control commands and interact with the system. The certificate backup module 162 produces the digital certificate backup file during certificate backup and handles the security setup for the digital certificate backup file. The certificate recovery module 163 performs recovery of the digital certificate and the security verification during digital certificate recovery. The communication interface 161 handles data exchange between the user terminal 16 and the system server 11.
The system server 11 includes a communication interface 113 for connecting to the user terminal 16, the SMS platform 12 and the customer service telephone system 14. The system server 11 also includes a security verification module 112, which performs the security verification in the digital certificate backup and recovery processes, and a memory 111, which stores identity verification information. The memory 111 also stores user information and the corresponding digital certificates.
When the user terminal 16 uses the specific dedicated software for the first time, or the dedicated software has been reinstalled and its digital certificate was not backed up, an authorization code must be applied for; once identity has been verified, an authorization code is obtained, which completes the certificate application. During identity verification, a specific mobile phone number or fixed-line telephone number can be registered. The authorization code is then entered at the user terminal 16 to activate the digital certificate.
As shown in Fig. 2, to perform a digital certificate backup, the user first logs in to the software system of the user terminal 16 (step S21) and, through the human-computer interaction interface 163, directs the certificate backup module 162 to perform the certificate backup operation (S22). The certificate backup module 162 sends the request to the system server 11 through the communication interface 161; the security verification module 112 queries the history of digital certificate backup operations in the memory 111 and determines from the query result whether the security setup has already been performed (step S23). If the security setup has not yet been performed, the certificate backup module 162 of the user terminal 16 prompts the user, through the human-computer interaction interface 163, to set the prompt questions used for security verification (step S24). In this embodiment, at least 5 questions are set, to improve security. The security verification module 112 stores the configured security information in the memory 111 and stores in the memory a record that security verification has been set up for the digital certificate. The certificate backup module 162 then performs the certificate backup (step S25). If the security setup has already been performed, the process goes directly to step S25 and performs the certificate backup. The questions set can be, for example, "the name of a school you once attended" or "the birthday/telephone number of one of your relatives or friends", where the relative or friend can be identified by a single Chinese character. In addition, because the certificate backup step of this embodiment is the same as an ordinary certificate backup, it is not described further here.
As shown in Fig. 3, to perform certificate recovery, a certificate recovery command is first sent to the certificate recovery module 163 through the human-computer interaction interface 163 to start certificate recovery (step S311), and the certificate recovery module 163 determines whether verification by authentication code has been selected (step S312). If verification by authentication code is not used, the security verification module 112 of the system server 11 selects one of the questions that were set in the digital certificate backup step and stored in the memory 111, and asks it (step S313). When selecting a question, the security verification module 112 first selects the question that was last answered incorrectly, a question that has never been asked, or the question that was answered correctly and has the longest time interval. The human-computer interaction interface 163 receives the answer entered by the user in response to the prompt (step S314). The security verification module 112 determines, according to the digital certificate backup data stored in the memory 111, whether verification passes, that is, whether the answer received by the user terminal 16 is consistent with the one given at setup (step S318). If verification passes, certificate recovery is performed (step S321); if not, a recovery failure is reported (step S320).
If verification by authentication code is used, the security verification module 112 generates an identity validation number (step S315) and determines, according to the user's selection, whether to use mobile phone SMS verification (step S316). If SMS verification is used, the system server 11, according to the user information stored in the memory 111, sends the identity validation number through the SMS platform 12 to the user's registered mobile phone 13 (step S317); the user terminal 16 receives the entered authentication code and sends it over the Internet to the system server 11, and the system server 11 determines whether the user terminal passes verification, that is, whether the authentication code is consistent with the verification code it sent (step S318). If verification passes, step S321 is executed; otherwise step S320 is executed.
If SMS verification is not used, the user calls the customer service telephone system 14 from the registered fixed-line telephone 15 and requests identity verification (step S319); the system server 11, according to the user information stored in the memory 111, sends the authentication code through the customer service telephone system 14 (step S317), and the subsequent steps are then carried out in order.
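The server-side checks of the recovery flow (question selection in step S313, answer comparison in step S318, and the identity validation number of step S315) can be sketched as follows. This is an added example, not code from the patent: the class and method names, the salted-hash storage of answers, the 6-digit code length, the single-use rule and the reading of the selection rule as a strict priority order are all assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


def _digest(answer: str, salt: bytes) -> bytes:
    # Assumption: answers are normalised and kept as salted PBKDF2 hashes;
    # the patent only says questions and answers are stored in memory 111.
    norm = " ".join(answer.casefold().split())
    return hashlib.pbkdf2_hmac("sha256", norm.encode(), salt, 100_000)


@dataclass
class Question:
    text: str
    salt: bytes
    answer_hash: bytes
    last_asked: Optional[int] = None     # None means never asked
    last_correct: Optional[bool] = None


@dataclass
class RecoveryVerifier:
    """Hypothetical stand-in for security verification module 112 and memory 111."""
    questions: Dict[str, Question] = field(default_factory=dict)
    clock: int = 0                       # logical time, one tick per question asked
    pending_code: Optional[str] = None

    def enroll(self, qid: str, text: str, answer: str) -> None:
        salt = secrets.token_bytes(16)
        self.questions[qid] = Question(text, salt, _digest(answer, salt))

    def select_question(self) -> str:
        # Step S313 policy, read as a priority order: last answered wrong,
        # then never asked, then answered correctly longest ago.
        def rank(item):
            q = item[1]
            if q.last_correct is False:
                return (0, 0)
            if q.last_asked is None:
                return (1, 0)
            return (2, q.last_asked)
        return min(self.questions.items(), key=rank)[0]

    def check_answer(self, qid: str, answer: str) -> bool:
        q = self.questions[qid]
        self.clock += 1
        ok = hmac.compare_digest(_digest(answer, q.salt), q.answer_hash)
        q.last_asked, q.last_correct = self.clock, ok
        return ok

    def issue_code(self) -> str:
        # Step S315: identity validation number (6 digits is an assumption).
        self.pending_code = f"{secrets.randbelow(10**6):06d}"
        return self.pending_code

    def check_code(self, entered: str) -> bool:
        # Assumption: a code is consumed by the first attempt, right or wrong.
        code, self.pending_code = self.pending_code, None
        return code is not None and hmac.compare_digest(code.encode(), entered.encode())


if __name__ == "__main__":
    v = RecoveryVerifier()   # constructed sample questions and answers
    v.enroll("school", "Name of a school you attended", "Constructed School")
    v.enroll("birthday", "Birthday of a relative", "1970-01-01")
    qid = v.select_question()
    print(qid, v.check_answer(qid, "wrong guess"), v.select_question())
```

Because a question that was answered wrong is asked again first, a failed attempt cannot be used to cycle through the stored questions until a known one comes up.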

Claims (8)

1. A digital certificate security protection method, comprising a certificate backup step and a certificate recovery step, characterized in that the certificate backup step includes an identity-verification setup step and the certificate recovery step includes an identity verification step.
2. The digital certificate security protection method according to claim 1, characterized in that the identity-verification setup step includes a step in which the certificate backup module sets questions and answers for identity verification and stores the questions and answers in the memory at the server end.
3. The digital certificate security protection method according to claim 1, characterized in that more than one question is set in the identity-verification setup step.
4. The digital certificate security protection method according to claim 2, characterized in that the identity verification step includes the following steps:
the security verification module at the server end selects a question for identity verification stored in the memory;
the certificate recovery module of the client terminal answers the verification question through the human-computer interaction interface;
the security verification module at the server end verifies the answer by comparing it with the verification answer stored in the memory;
if verification passes, the certificate recovery module of the client terminal performs certificate recovery.
5. The digital certificate security protection method according to claim 4, characterized in that the step of selecting the identity verification question first selects the question that was last answered incorrectly, a question that has never been asked, or the question with the longest time interval.
6. The digital certificate security protection method according to claim 1, characterized in that the identity verification step includes the following steps:
the security verification module at the server end generates an identity validation number;
the security verification module at the server end, according to the user information stored in the memory, sends the identity validation number through the SMS platform to the mobile phone registered by the user;
the certificate recovery module of the user terminal receives input of the identity validation number through the human-computer interaction interface;
if verification passes, the certificate recovery module of the client terminal performs certificate recovery.
7. The digital certificate security protection method according to claim 1, characterized in that the identity verification step includes the following steps:
the security verification module at the server end generates an identity validation number;
the security verification module at the server end, according to the user information stored in the memory, sends the identity validation number via the registered telephone stored in the memory;
the certificate recovery module of the user terminal receives input of the identity validation number through the human-computer interaction interface;
if verification passes, the certificate recovery module of the client terminal performs certificate recovery.
8. The digital certificate security protection method according to claim 7, characterized in that the identity verification step further includes a step in which the security verification module queries the user information stored in the memory to verify the fixed-line telephone number.
CN200410050847A 2004-07-23 2004-07-23 Digital certificate safety protection method Active CN100581105C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200410050847A CN100581105C (en) 2004-07-23 2004-07-23 Digital certificate safety protection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200410050847A CN100581105C (en) 2004-07-23 2004-07-23 Digital certificate safety protection method

Publications (2)

Publication Number Publication Date
CN1725684A (en) 2006-01-25
CN100581105C (en) 2010-01-13

Family

ID=35924938

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200410050847A Active CN100581105C (en) 2004-07-23 2004-07-23 Digital certificate safety protection method

Country Status (1)

Country Link
CN (1) CN100581105C (en)

Also Published As

Publication number Publication date
CN100581105C (en) 2010-01-13

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant