CN201266949Y - System for implementing digital certificate identification verification and sensitive data encipher - Google Patents

Publication number
CN201266949Y
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNU2008201101705U
Other languages
Chinese (zh)
Inventor
王文
王海宁
张学松
梁野
史述红
周海明
梁勇
薛家兴
刘大为
赵显�
高春城
刘杰
刘冬
陶力
杨占勇
屈富敏
李伟刚
陈乃仕
张雪
陈西颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kedong Electric Power Control System Co Ltd
Original Assignee
Beijing Kedong Electric Power Control System Co Ltd

Abstract

A system for implementing digital certificate authentication and sensitive data encryption comprises: a client computer that has a standard USB interface and can access the Internet; an electronic key held by each user, with a built-in chip that stores the user's unique authentication digital certificate; and a certificate identification server that verifies the validity of the certificate and can communicate with the client computer and an application server over the Internet. The electronic key connects to the client computer through the USB interface. The system is safe, reliable, practical and convenient, and can meet the security requirements of commercial application data.

Description

A system for implementing digital certificate authentication and sensitive data encryption
Technical field
The utility model relates to a system for identity authentication and data encryption in Web application services on the Internet.
Background
Web application technology has come into wide use in recent years. With a Web-centred intranet, users can consult the data they need on the enterprise's Web site at any time and from any place through a low-cost, easy-to-use client browser. The dynamic, interactive way of publishing Web information has changed the service quality of enterprises.
As a national key project, the "State Grid's marketing operation system" is the technical support platform for State Grid's marketing operations, and transactions of every trade variety in the State Grid market can be carried out through it. When market members carry out marketing activities, the legitimacy and security of the user login name must be guaranteed, that is, user accounts must be impossible to impersonate, and sensitive data must be kept secure.
To achieve this, the "State Grid's marketing operation system" adopts digital certificates from CFCA (China Financial Certification Authority) to confirm identity and to encrypt sensitive data. It is therefore necessary to set up a supporting system that verifies the legitimacy of the user logging in.
Summary of the invention
The purpose of the utility model is to provide a system for implementing digital certificate authentication and sensitive data encryption. It uses certificates to protect the identity of the system's users and to encrypt sensitive data; when a user logs in to access the system, the user is verified and, on passing verification, admitted.
To achieve the above purpose, the utility model adopts the following design:
A system for implementing digital certificate authentication and sensitive data encryption, comprising:
a client computer that has a standard USB interface and can log in over the Internet;
an electronic key held by each user, whose built-in chip stores that user's unique authentication digital certificate;
a certificate identification server that verifies certificate validity and can communicate with the client computer and the application server over the Internet; the electronic key connects to the client computer through the USB interface.
The certificate identification server and the application server may be a single integrated server or a combination of separate servers.
The advantages of the utility model are:
1. Safe and reliable: as a commercial digital certificate system, the CFCA certificate system can satisfy the security requirements of commercial application data.
2. Practical and convenient: using this certificate system in the manner described here, the requirements for user identity authentication and for the encryption of sensitive data can be met easily.
Description of the drawings
Fig. 1 is a schematic diagram of the system composition of the utility model.
Embodiment
As shown in Fig. 1, the system of the utility model for implementing digital certificate authentication and sensitive data encryption comprises: a client computer 1, an electronic key 2 held by each user, a certificate identification server 3 for verifying certificate validity, and an application server 4.
The client computer 1 has a standard USB interface and can log in over the Internet to exchange information with the system's application server.
The electronic key 2 held by each user is the unique digital certificate issued to that user: each legitimate user is issued one unique electronic key (preferably a USB device), and this electronic key contains the unique digital certificate used to identify the user (in other words, the chip built into each user's electronic key stores that user's unique authentication digital certificate). For identity authentication, each user is assigned a unique corresponding digital certificate; at login, this digital certificate, together with the user name and password, serves as the user's unique identification, and a user without a digital certificate cannot enter the system. For sensitive data, the digital certificate is used to encrypt the data before storage or transmission, and when the decryption conditions are met the corresponding digital certificate is called again to decrypt it. Before a user logs in, the electronic key driver must first be installed on the client computer used for login, so that the client computer can correctly recognise the digital certificate. The electronic key connects to the client computer through the USB interface.
The certificate identification server 3 is the core of the system. It can be an independent computer that communicates with the client computer and the application server over the Internet. An application program is built into the certificate identification server; running this program verifies the certificate validity of a client logging in to the system, that is, whether the user's password and the digital certificate used with it are consistent with the certificate issued to that user. If they are consistent, the user is allowed to enter the system; if they are not, the user is refused. Because the certificate system itself is secure, the identity authentication of the system is guaranteed to be safe and reliable. In addition, running this program can also encrypt some sensitive data.
The application server 4 in this embodiment is a Web application server on which the State Grid's marketing operation service program is installed.
The certificate identification server and the application server can be deployed together or separately.
As shown in Fig. 1, when the system is built, the certificate-based authentication server is deployed first and the application server second; once both are deployed, access to the application server is controlled by the authentication server. When needed, the two servers can also be deployed on the same server.
Its working principle is as follows: the client user inserts the electronic key 2 into the USB interface of the local machine 1 and sends a request to the certificate identification server 3; once the certificate identification server has verified that the user name, password and certificate are correct, verification passes and the user accesses the application service, completing the authentication.
Encrypted data transmission works similarly: sensitive data is encrypted by calling the digital certificate; after encryption, the data is uploaded to the application server and stored encrypted, and when necessary it is decrypted by calling the digital certificate so that it can be used.
Because the electronic key used by the login user can be a USB device, it is easy to customise and manufacture, easy to carry, and safe and reliable, which makes it convenient for users while ensuring safe use for the whole system and for each user.
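The login decision described above for the certificate identification server 3 (user name, password and certificate must all be consistent with what was issued to the user), shown as an added Python example; it is not code from the patent. The class and function names, the PBKDF2 parameters and the fingerprint comparison are assumptions, and constructed byte strings stand in for the certificates read from the electronic key.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # PBKDF2 work factor (assumed for this example)

def fingerprint(cert_der):
    """SHA-256 of the certificate bytes read from the electronic key."""
    return hashlib.sha256(cert_der).digest()

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

class CertificateIdentificationServer:
    """Hypothetical model of server 3: exactly one issued certificate per user."""
    def __init__(self):
        self._users = {}  # user name -> (salt, password hash, cert fingerprint)
        self._dummy = (os.urandom(16), os.urandom(32), os.urandom(32))

    def issue(self, username, password, cert_der):
        fp = fingerprint(cert_der)
        # Each electronic key carries a unique certificate: refuse reuse.
        if any(rec[2] == fp for rec in self._users.values()):
            raise ValueError("certificate already issued to another user")
        salt = os.urandom(16)
        self._users[username] = (salt, pw_hash(password, salt), fp)

    def login(self, username, password, cert_der):
        """Admit only if user name, password and certificate are all consistent."""
        rec = self._users.get(username)
        # Unknown users are checked against random dummy values, so the password
        # work is always done and the reply never says which factor failed.
        salt, stored_pw, stored_fp = rec or self._dummy
        pw_ok = hmac.compare_digest(pw_hash(password, salt), stored_pw)
        cert_ok = bool(cert_der) and hmac.compare_digest(
            fingerprint(cert_der), stored_fp)
        return rec is not None and pw_ok and cert_ok

def demo():
    """Constructed sample data: byte strings stand in for DER certificates."""
    srv = CertificateIdentificationServer()
    srv.issue("alice", "pw-alice", b"constructed-cert-alice")
    srv.issue("bob", "pw-bob", b"constructed-cert-bob")
    return {
        "valid": srv.login("alice", "pw-alice", b"constructed-cert-alice"),
        "no_key": srv.login("alice", "pw-alice", None),
        "other_users_key": srv.login("alice", "pw-alice", b"constructed-cert-bob"),
        "wrong_password": srv.login("alice", "bad", b"constructed-cert-alice"),
    }
```

This comparison only establishes that the presented certificate is the one issued to the user; proof that the caller holds the matching private key (for example, a signed server challenge) is outside what the text describes and is not modelled here.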

Claims (3)

1. A system for implementing digital certificate authentication and sensitive data encryption, characterized in that it comprises:
a client computer that has a standard USB interface and can log in over the Internet;
an electronic key held by each user, whose built-in chip stores that user's unique authentication digital certificate;
a certificate identification server that verifies certificate validity and can communicate with the client computer and the application server over the Internet; the electronic key connects to the client computer through the USB interface.
2. The system for implementing digital certificate authentication and sensitive data encryption according to claim 1, characterized in that: the application server is an application server on which the State Grid's marketing operation service program is installed, and the chip built into the electronic key is a chip that stores the CFCA digital certificate dedicated to the "State Grid's marketing operation system".
3. The system for implementing digital certificate authentication and sensitive data encryption according to claim 1, characterized in that: the certificate identification server and the application server may be a single integrated server or a combination of separate servers.
CNU2008201101705U 2008-09-10 2008-09-10 System for implementing digital certificate identification verification and sensitive data encipher Expired - Fee Related CN201266949Y (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNU2008201101705U CN201266949Y (en) 2008-09-10 2008-09-10 System for implementing digital certificate identification verification and sensitive data encipher

Publications (1)

Publication Number Publication Date
CN201266949Y true CN201266949Y (en) 2009-07-01

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106100836A (en) * 2016-08-09 2016-11-09 中京天裕科技(北京)有限公司 A kind of industrial user's authentication and the method and system of encryption

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090701

Termination date: 20110910