CN201781620U - Short message authentication and encryption system based on digital certificate - Google Patents

Short message authentication and encryption system based on digital certificate

Publication number
CN201781620U
Authority
CN
China
Prior art keywords
digital certificate
short message
note
mobile phone
digital
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2010202787409U
Other languages
Chinese (zh)
Inventor
刘明晶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SHENZHEN ONE-CARD-PASS NEW TECHNOLOGY Co Ltd
Original Assignee
Individual

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The utility model relates to a short message authentication and encryption system based on a digital certificate, comprising a short message authentication center, an authenticated institution's short message center and a mobile phone. The digital certificate management service unit of the short message authentication center provides a unique digital certificate generating program according to the user identifier, which ensures the security of the digital certificate and thereby the security of bidirectional short message communication. Only one short message authentication and encryption program needs to be installed on an ordinary mobile phone, as the short message authentication and encryption client, to allow short-message-based encrypted transmission to several different receivers, each according to its own key. In addition, the system can authenticate received short message content, guaranteeing that the transmitted content has not been tampered with and that the sender is genuine. It offers good confidentiality, requires few changes to the existing short message system, uses few resources, is easy to implement, and can be applied in fields such as financial transactions.

Description

Short message authentication and encryption system based on digital certificate
Technical field
The utility model relates to a short message authentication and encryption system.
Background art
Short messages are very widely used, but they lack an authentication mechanism. In addition, short messages are mostly sent in plaintext. Although the STK mode provides encrypted sending, it can only encrypt for a single recipient; it cannot, on the basis of short messages, encrypt transmissions to several different recipients, each according to its own key. This greatly restricts the use of short messages in fields such as financial transactions.
Summary of the invention
The purpose of the utility model is to provide a short message authentication and encryption system based on a digital certificate, which solves the technical problem that the existing way of sending and receiving short messages lacks an authentication mechanism and cannot encrypt transmissions.
The technical solution of the utility model is:
A short message authentication and encryption system based on a digital certificate, characterized in that: the system comprises a short message authentication center, an authenticated institution's short message center and a mobile phone. The short message authentication center comprises a digital certificate management service unit and a public digital certificate store; the digital certificate management service unit manages the digital certificate generating program and generates the user identifier of the authenticated institution; the public digital certificate store holds the public key of the digital certificate and the user identifier. The authenticated institution's short message center comprises a short message sending and receiving server, a digital signature server, a certificate generation unit and the authenticated institution's digital certificate store; the short message sending and receiving server sends and receives short messages; the digital signature server can digitally sign the short messages that are sent; the certificate generation unit downloads the digital certificate generating program and uses it to generate the public key and private key of the digital certificate; the authenticated institution's digital certificate store holds the private key of the digital certificate. The mobile phone comprises a mobile phone body, a short message authentication and encryption client installed in the mobile phone body, and a mobile phone digital certificate store; the mobile phone digital certificate store holds the public key of the digital certificate; the short message authentication and encryption client can authenticate short messages received by the mobile phone body according to the public key of the digital certificate.
The authenticated institution's short message center may also comprise a decryption unit, which can decrypt short messages sent by the mobile phone user according to the private key of the digital certificate; the short message authentication and encryption client can also encrypt short messages sent by the mobile phone according to the public key in the mobile phone digital certificate store.
The system of the utility model has the following advantages:
1. The utility model can authenticate the content of received short messages, guaranteeing that the content sent has not been tampered with and that the sender is genuine. Through the digital certificate management service unit of the short message authentication center, the utility model provides the authenticated institution with a unique digital certificate generating program according to its user identifier, guaranteeing the uniqueness and confidentiality of the authenticated center and thereby the security of the digital certificate. The digital certificate of the utility model comprises a public key and a private key; the public key is transmitted within the system and the private key is not, which guarantees the security of the certificate and the reliability of the authentication process, and guarantees that the content sent has not been tampered with and that the sender is genuine. In addition, the utility model sets a validity period for the digital certificate, which can effectively prevent leakage of the digital certificate.
2. The utility model allows the mobile phone to send encrypted short messages that only the authenticated institution can decrypt. The mobile phone encrypts the short message content with the public key, and only the decryption unit of the authenticated institution can decrypt it with the private key, which guarantees the security of the content of short messages sent uplink by the mobile phone user.
3. The utility model can authenticate short messages and can encrypt and decrypt short messages sent uplink, guaranteeing the security of two-way short message communication, and can be applied in fields such as financial transactions.
4. The utility model only requires one short message authentication and encryption program to be installed on an ordinary mobile phone as the short message authentication and encryption client in order to allow short-message-based encrypted transmission to several different recipients, each according to its own key, and is very convenient to use.
5. The utility model draws on the digital certificate approach of the HTTPS protocol and applies it to authenticating the content and the sender of short messages and to encrypting content sent uplink from the mobile phone. Confidentiality is good, few changes to the existing short message system are needed, few resources are used, and it is easy to implement.
6. When the name of an authenticated institution appears in an ordinary short message, the utility model can warn that the message was not sent by the authenticated institution, preventing short message fraud.
Description of drawings
Fig. 1 is a flow chart of generating the digital certificate of the authenticated institution in the utility model;
Fig. 2 is a flow chart of digitally signing and sending a short message in the utility model;
Fig. 3 is a structural schematic diagram of the system of the utility model.
Embodiment
The utility model is a short message authentication and encryption system based on a digital certificate, comprising a short message authentication center, an authenticated institution's short message center and a mobile phone.
The short message authentication center comprises a digital certificate management service unit and a public digital certificate store. The digital certificate management service unit manages the digital certificate generating program and generates the user identifier of the authenticated institution. The public digital certificate store holds the public key of the digital certificate and the user identifier.
The authenticated institution's short message center comprises a short message sending and receiving server, a digital signature server, a certificate generation unit and the authenticated institution's digital certificate store. The short message sending and receiving server sends and receives short messages. The digital signature server can digitally sign the short messages that are sent. The certificate generation unit downloads the digital certificate generating program and uses it to generate the public key and private key of the digital certificate. The authenticated institution's digital certificate store holds the private key of the digital certificate.
The mobile phone comprises a mobile phone body, a short message authentication and encryption client installed in the mobile phone body, and a mobile phone digital certificate store. The mobile phone digital certificate store holds the public key of the digital certificate. The short message authentication and encryption client can authenticate short messages received by the mobile phone body according to the public key of the digital certificate.
To keep the content of short messages sent uplink from the mobile phone confidential, the short message authentication and encryption client in the system can encrypt short messages sent by the mobile phone according to the public key in the mobile phone digital certificate store. At the same time, a decryption unit is provided at the authenticated institution's short message center; this decryption unit can decrypt the short messages sent by the mobile phone user according to the private key of the digital certificate.
When the utility model performs short message authentication and encryption, the following steps are included:
1] Generating the digital certificate of the authenticated institution:
1.1] The authenticated institution's short message center submits a short message authentication application to the short message authentication center;
1.2] The short message authentication center generates the user identifier of the authenticated institution;
1.3] The certificate generation unit of the authenticated institution downloads the user identifier and the digital certificate generating program from the short message authentication center;
1.4] The certificate generation unit of the authenticated institution generates the key pair of the digital certificate with the digital certificate generating program; the private key of the key pair is stored in the authenticated institution's digital certificate store;
1.5] The certificate generation unit sends the user identifier and the public key of the key pair to the public digital certificate store of the short message authentication center;
2] Downloading the digital certificate to the mobile phone:
2.1] The authenticated institution's short message center sends the mobile phone a short message carrying a pre-agreed download address identifier;
2.2] The mobile phone downloads the public key of the digital certificate from the authenticated institution's digital certificate store, using the download address given in the short message content;
3] The authenticated institution sends an authenticated short message:
3.1] The authenticated institution's short message center passes the mobile phone number and the short message content to the digital signature server;
3.2] The digital signature server digitally signs the mobile phone number and the short message content with the private key of the digital certificate;
3.3] The digital signature server appends the digital signature to the end of the short message content to form the digital signature string, and sends it to the authenticated institution's short message center;
3.4] The authenticated institution's short message center sends the digital signature string to the short message sending and receiving server;
3.5] The short message sending and receiving server sends the digital signature string to the mobile phone corresponding to the mobile phone number;
4] Short message authentication:
4.1] The mobile phone receives the short message and monitors the short message content and the sending number;
4.2] The short message authentication and encryption client finds the digital certificate corresponding to the sending number in the mobile phone digital certificate store and authenticates the received short message;
4.3] The authentication result is displayed.
In a concrete authentication, the mobile phone receives the short message and monitors the short message content and the sending number. If the sending number belongs to a sender that requires authentication, the client checks whether the short message carries a digital signature string. If it does, the signature is verified with the digital certificate corresponding to that sender's number, and if verification passes the user is told that the short message is trusted. If the sending number is not in the list but the content contains the preset name of a party that requires authentication, or the short message has no digital signature string, or verification fails, the user is told that the short message is not trusted.
To prevent the certificate from being leaked through prolonged use of the same digital certificate, the utility model can update the digital certificate regularly. Accordingly, the short message authentication step may also include a step of checking the certificate's validity period before authentication:
Before a digital certificate is used for authentication, check whether the current date and time are past the validity period of the certificate. If the validity period has not passed, carry out the short message authentication step. If the validity period has passed and a new digital certificate has already been downloaded, delete the current digital certificate, rename the downloaded new digital certificate as the currently valid digital certificate, and then carry out the short message authentication step. If the current digital certificate is past its validity period and no new digital certificate has been downloaded, update the digital certificate and then carry out the short message authentication step.
The step of updating the digital certificate comprises:
The authenticated institution's short message center generates a new digital certificate some time before the certificate expires;
The authenticated institution's short message center sends the public key of the newly generated digital certificate to the short message authentication center;
The authentication and encryption client of the mobile phone downloads the new digital certificate; the name or suffix of the newly downloaded digital certificate must differ from that of the digital certificate currently in use. The current digital certificate is then deleted and the downloaded new digital certificate is renamed as the currently valid digital certificate.
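The signing and authentication steps 3] and 4] above, together with the validity check before authentication, sketched as an added example in Python (not code from the patent). The patent names no signature algorithm or message layout: the hash-then-sign RSA with a constructed key, the `#SIG:` delimiter, the reading of the signed phone number as the recipient's number, the `unchecked` status and all function names are assumptions.

```python
import base64
import hashlib
from datetime import datetime

# Constructed demo key pair built from two Mersenne primes so the block needs
# only the standard library. It is trivially factorable: illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the institution
SIG_MARK = "#SIG:"                 # hypothetical delimiter, not from the patent


def digest(phone, content):
    # Assumption: the signed "phone number" is the recipient's number, which
    # binds a signed message to one handset.
    data = phone.encode() + b"\x00" + content.encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign_sms(phone, content, d=D, n=N):
    """Institution side, steps 3.2-3.3: append the signature string."""
    sig = pow(digest(phone, content), d, n)
    raw = sig.to_bytes((n.bit_length() + 7) // 8, "big")
    return content + SIG_MARK + base64.b64encode(raw).decode()


def current_cert(store, sender, now, download):
    """Validity check before authentication: promote or fetch a new cert."""
    entry = store[sender]
    if now > entry["current"]["not_after"]:
        # Expired: use the already-downloaded certificate, else fetch one.
        entry["current"] = entry.pop("new", None) or download(sender)
    return entry["current"]


def check_sms(sender, body, my_phone, store, names, now, download):
    """Phone side, step 4: return (status, reason)."""
    if sender not in store:
        # Unlisted number using a protected institution name: untrusted.
        if any(name in body for name in names):
            return "untrusted", "institution name from unlisted number"
        return "unchecked", "sender does not require authentication"
    content, mark, blob = body.rpartition(SIG_MARK)
    if not mark:
        return "untrusted", "no signature string"
    cert = current_cert(store, sender, now, download)
    try:
        sig = int.from_bytes(base64.b64decode(blob, validate=True), "big")
    except ValueError:
        return "untrusted", "malformed signature string"
    expected = digest(my_phone, content)
    if sig >= cert["n"] or pow(sig, cert["e"], cert["n"]) != expected:
        return "untrusted", "signature verification failed"
    return "trusted", "signature valid"


def demo():
    # Constructed sample data: sender numbers, handset numbers and dates.
    cert = {"n": N, "e": E, "not_after": datetime(2030, 1, 1)}
    store = {"106900001": {"current": cert}}
    names, now = ["Example Bank"], datetime(2025, 6, 1)
    fetch = lambda sender: cert
    good = sign_sms("13800000000", "Example Bank: withdrawal code 4471")
    return [
        # Genuine message, tampered content, wrong recipient, spoofed name.
        check_sms("106900001", good, "13800000000", store, names, now, fetch)[0],
        check_sms("106900001", good.replace("4471", "9999"), "13800000000",
                  store, names, now, fetch)[0],
        check_sms("106900001", good, "13900000000", store, names, now, fetch)[0],
        check_sms("13711112222", "Example Bank: call us", "13800000000",
                  store, names, now, fetch)[0],
    ]


if __name__ == "__main__":
    print(demo())
```
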
To make it easier for the mobile phone's authentication and encryption client to recognize short message content, the digital signature server, when digitally signing the mobile phone number and the short message with the private key of the digital certificate, may also add a flag before the short message content indicating that it is encrypted content.
To improve the efficiency of sending and receiving short messages while keeping them confidential, the digital signature server's signing of the mobile phone number and the short message with the private key of the digital certificate is done by using an HTTP protocol request to digitally sign the sending number and the short message content.
The user identifier generated by the short message authentication center may be a random number.
For ease of management, the authenticated institution's digital certificate store may be a removable flash drive.
When the mobile phone user needs to send a short message uplink on their own initiative, or needs to reply after receiving a short message from the authenticated institution, this can be done as an encrypted short message. The concrete steps are as follows:
1] The mobile phone user sends an encrypted short message:
1.1] The mobile phone user enters the short message content;
1.2] The mobile phone's authentication and encryption client checks whether the digital certificate store contains the recipient number entered by the user. If not, the short message is sent directly. If so, the short message authentication and encryption client encrypts the short message content to be sent with the public key of the digital certificate;
1.3] The mobile phone body sends the encrypted short message content to the short message sending and receiving server of the authenticated institution;
2] The authenticated institution receives and decrypts the short message:
2.1] The short message sending and receiving server of the authenticated institution receives the short message;
2.2] The decryption unit of the authenticated institution decrypts the short message sent by the mobile phone user with the private key of the digital certificate.
Likewise, the certificate's validity period should be checked before the mobile phone user sends an encrypted short message, as follows:
Before a digital certificate is used for encryption, check whether the current date and time are past the validity period of the certificate. If the validity period has not passed, send the encrypted short message. If the validity period has passed and a new digital certificate has already been downloaded, delete the current certificate and rename the downloaded new digital certificate as the currently valid digital certificate, as in the certificate update step. If the current digital certificate is past its validity period and this mobile phone has not downloaded a new digital certificate, then before encrypting, download the new digital certificate from the short message authentication center server, delete the current certificate, and rename the downloaded new digital certificate as the currently valid digital certificate.
The utility model is applied to withdrawing cash from a bank by short message as follows:
A mobile phone user who has signed up with the bank enters short message content such as the withdrawal account and the amount, which is encrypted and sent uplink to the bank's short message center. The short message center signs the withdrawal password information for this withdrawal and sends it to the user's mobile phone. After authentication passes on the user's mobile phone, the withdrawal password is displayed, and the user withdraws cash at a counter or self-service ATM with the withdrawal password and withdrawal account, without a passbook or card.

Claims (2)

1. A short message authentication and encryption system based on a digital certificate, characterized in that: the system comprises a short message authentication center, an authenticated institution's short message center and a mobile phone; the short message authentication center comprises a digital certificate management service unit and a public digital certificate store; the digital certificate management service unit manages the digital certificate generating program and generates the user identifier of the authenticated institution; the public digital certificate store holds the public key of the digital certificate and the user identifier; the authenticated institution's short message center comprises a short message sending and receiving server, a digital signature server, a certificate generation unit and the authenticated institution's digital certificate store; the short message sending and receiving server sends and receives short messages; the digital signature server can digitally sign the short messages that are sent; the certificate generation unit downloads the digital certificate generating program and uses it to generate the public key and private key of the digital certificate; the authenticated institution's digital certificate store holds the private key of the digital certificate; the mobile phone comprises a mobile phone body, a short message authentication and encryption client installed in the mobile phone body, and a mobile phone digital certificate store; the mobile phone digital certificate store holds the public key of the digital certificate; the short message authentication and encryption client can authenticate short messages received by the mobile phone body according to the public key of the digital certificate.
2. The short message authentication and encryption system based on a digital certificate according to claim 1, characterized in that: the authenticated institution's short message center comprises a decryption unit, which can decrypt short messages sent by the mobile phone user according to the private key of the digital certificate; the short message authentication and encryption client can also encrypt short messages sent by the mobile phone according to the public key in the mobile phone digital certificate store.
CN2010202787409U 2010-08-02 2010-08-02 Short message authentication and encryption system based on digital certificate Expired - Fee Related CN201781620U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010202787409U CN201781620U (en) 2010-08-02 2010-08-02 Short message authentication and encryption system based on digital certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010202787409U CN201781620U (en) 2010-08-02 2010-08-02 Short message authentication and encryption system based on digital certificate

Publications (1)

Publication Number Publication Date
CN201781620U true CN201781620U (en) 2011-03-30

Family

ID=43794818

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010202787409U Expired - Fee Related CN201781620U (en) 2010-08-02 2010-08-02 Short message authentication and encryption system based on digital certificate

Country Status (1)

Country Link
CN (1) CN201781620U (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105392124A (en) * 2015-10-12 2016-03-09 中国联合网络通信集团有限公司 Short message verification method, mobile terminal, server and system


Similar Documents

Publication Publication Date Title
CN101895847A (en) Short message service authenticated encryption system and method based on digital certificate
CN110535868A (en) Data transmission method and system based on Hybrid Encryption algorithm
CN107679847B (en) Mobile transaction privacy protection method based on near field communication bidirectional identity authentication
CN1980121B (en) Electronic signing mobile terminal, system and method
CN101136743A (en) Digital certificate updating method and system
CN113285803B (en) Mail transmission system and transmission method based on quantum security key
CN101931536B (en) Method for encrypting and authenticating efficient data without authentication center
CN103440444A (en) Method of signing electronic contract
CN101216923A (en) A system and method to enhance the data security of e-bank dealings
CN101720071A (en) Short message two-stage encryption transmission and secure storage method based on safety SIM card
KR20010008042A (en) Certification auditing agency service and system
CN113346995B (en) Method and system for preventing falsification in mail transmission process based on quantum security key
WO2005065134A2 (en) Mobile device and method for providing certificate based cryptography
CN103903129A (en) Remitting system and remitting method realized based on text message mode
CN105141635A (en) Method and system for safe communication of group sending messages
CN103078743B (en) E-mail IBE (Internet Booking Engine) encryption realizing method
CN104200154A (en) Identity based installation package signing method and identity based installation package signing device
CN109104271A (en) A kind of methods, devices and systems of digital signature
CN103973713A (en) Transfer method, extraction method and processing system for electronic mail information
CN116506854A (en) Encryption communication system and method for Beidou short message
CN103108245A (en) Smart television payment secret key system and payment method based on smart television
CN102571338A (en) PKI (Public Key Infrastructure)-based method and system for certifying internet of things
CN115174277B (en) Data communication and file exchange method based on block chain
CN201781620U (en) Short message authentication and encryption system based on digital certificate
Kisore et al. A secure SMS protocol for implementing digital cash system

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: SHENZHEN IC CARD NEW TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: LIU MINGJING

Effective date: 20111129

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20111129

Address after: 518057, building 17, building 01, Changhong science and technology building, twelve South Science and technology road, Shenzhen, Guangdong, Nanshan District

Patentee after: Shenzhen One-Card-Pass New Technology Co., Ltd.

Address before: 518057 room 1607, overseas student Pioneer Building, Nanshan District science and Technology Park, Shenzhen, Guangdong

Patentee before: Liu Mingjing

EE01 Entry into force of recordation of patent licensing contract

Assignee: Shenzhen City Tianfeng Guosheng Investment Company Limited

Assignor: Shenzhen One-Card-Pass New Technology Co., Ltd.

Contract record no.: 2012440020026

Denomination of utility model: Short message service authenticated encryption system and method based on digital certificate

Granted publication date: 20110330

License type: Exclusive License

Record date: 20120306

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110330

Termination date: 20190802