WO2020140914A1 - Client authentication method, apparatus and computer-readable storage medium - Google Patents

Info

Publication number
WO2020140914A1
Authority
WO
WIPO (PCT)
Prior art keywords
client
digital certificate
information
self
authentication
Prior art date
Application number
PCT/CN2019/130864
Inventor
阎军智
杭小勇
Original Assignee
中国移动通信有限公司研究院
中国移动通信集团有限公司
Application filed by 中国移动通信有限公司研究院, 中国移动通信集团有限公司
Publication of WO2020140914A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Definitions

  • The embodiments of the present invention relate to the technical field of mobile communications, and in particular to a client authentication method, device, and computer-readable storage medium.
  • With the popularity of smart mobile terminals, more and more client applications (APPs) are installed on them. These client applications are used in social, work, travel, finance, and many other fields, and most of them contain large amounts of user-sensitive data, so security issues are extremely prominent. As the key information for using a client application, the authentication data with which the user logs in to the client application needs strict security protection.
  • There are currently several common client login authentication methods, such as static password authentication, dynamic password authentication, the digital certificate method, and biometric authentication.
  • Static passwords are at risk of being cracked with a password dictionary or by brute force;
  • the dynamic password authentication method is only suitable for authenticating mobile phone numbers, so its application is limited;
  • the digital certificate method requires applying for a certificate from a certificate authority (CA), its security is not guaranteed, and its cost is higher;
  • the biometric authentication method needs to collect biometric information in advance, so its application is limited.
  • the embodiments of the present invention are expected to provide a client authentication method, device, and computer-readable storage medium.
  • An embodiment of the present invention provides a client authentication method.
  • the method is applied to a client and includes:
  • the self-signed digital certificate includes: device information, and/or client information;
  • the authentication of the device and/or client is completed.
  • the self-signed digital certificate includes: user information, and/or device information, and/or client information.
  • the user information includes: user identification, and/or user authentication credentials.
  • Completing the authentication of the device and/or client based on the information of the private key and the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform, includes:
  • When the client program starts, it sends a login request to the business platform;
  • the method further includes:
  • the biometric authentication or password authentication is used to protect the private key, and the private key is used to sign after the authentication is passed.
  • An embodiment of the present invention also provides a client authentication method, which is applied to a business platform and includes:
  • the self-signed digital certificate is generated by the client and includes: device information and/or client information;
  • Completing the authentication of the device and/or client based on the private key generated by the client and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the client, includes:
  • An embodiment of the present invention also provides a client authentication device, which is applied to the client and includes:
  • a generating module configured to generate a public-private key pair and a self-signed digital certificate, the self-signed digital certificate includes: device information, and/or client information;
  • the sending module is configured to send the self-signed digital certificate to the blockchain digital certificate system for the blockchain digital certificate system to verify and record the self-signed digital certificate, and to send the user information and the information of the self-signed digital certificate to the business platform;
  • the first authentication module is configured to complete the authentication of the device and/or client by interacting with the blockchain digital certificate system and the business platform based on the information of the private key and the self-signed digital certificate.
  • An embodiment of the present invention also provides a client authentication device, which is applied to a business platform and includes:
  • the receiving module is configured to receive user information and self-signed digital certificate information sent by the client; the self-signed digital certificate is generated by the client and includes: device information and/or client information;
  • the second authentication module is configured to complete the authentication of the device and/or client through interaction with the blockchain digital certificate system and the client, based on the private key generated by the client and the information of the self-signed digital certificate.
  • An embodiment of the present invention also provides a client authentication device, which includes: a processor and a memory for storing a computer program that can run on the processor,
  • An embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, the steps of the above method are implemented.
  • the client authentication method, device, and computer-readable storage medium provided by the embodiments of the present invention generate a public and private key pair and a self-signed digital certificate, and the self-signed digital certificate includes: device information and/or client information;
  • the self-signed digital certificate is sent to the blockchain digital certificate system for the blockchain digital certificate system to verify and record the self-signed digital certificate;
  • the user information and the information of the self-signed digital certificate are sent to the business platform;
  • Based on the information of the private key and the self-signed digital certificate, and through interaction with the blockchain digital certificate system and the business platform, the authentication of the device and/or client is completed.
  • the client generates and configures the digital certificate by itself without introducing a CA or a third party.
  • The business platform (or server) binds (stores) the user and/or device with the digital certificate, so that the digital certificate can be used to authenticate client users and/or devices, provide users with personalized services, and improve user experience. Compared with password authentication, it avoids the risk of password storage and transmission as well as the risk of weak passwords, improving security. Compared with the biometric authentication method, it has lower requirements on the terminal and high compatibility. Compared with the traditional certificate method, it does not involve a CA or a third party, which reduces the cost of buying a certificate from a third-party CA organization or building and maintaining a CA.
  • FIG. 1 is a first schematic flowchart of a client authentication method according to an embodiment of the present invention.
  • FIG. 2 is a second schematic flowchart of a client authentication method according to an embodiment of the present invention.
  • FIG. 3 is a first schematic structural diagram of a client authentication device according to an embodiment of the present invention.
  • FIG. 4 is a second schematic structural diagram of a client authentication device according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a digital certificate system based on a blockchain according to an embodiment of the present invention.
  • An embodiment of the present invention provides a client authentication method. As shown in FIG. 1, the method is applied to the client and includes:
  • Step 101: Generate a public and private key pair and a self-signed digital certificate, where the self-signed digital certificate includes: device information and/or client information;
  • Step 102: Send the self-signed digital certificate to the blockchain digital certificate system for the blockchain digital certificate system to verify and record the self-signed digital certificate;
  • Step 103: Send the user information and the information of the self-signed digital certificate to the business platform;
  • Step 104: Based on the information of the private key and the self-signed digital certificate, and through interaction with the blockchain digital certificate system and the business platform, the authentication of the device and/or client is completed.
  • the public key will be reflected in the self-signed digital certificate
  • the private key is used to sign the self-signed digital certificate (the self-signed digital certificate already contains the public key information)
  • the signature result is also reflected in the self-signed digital certificate (that is, the client uses the private key to sign, and the business platform uses the self-signed digital certificate to verify the signature). This is related technology and will not be described in detail later.
  • the client generates and configures the digital certificate by itself without introducing a CA or a third party.
  • the business platform or server
  • Compared with the biometric authentication method, it has lower requirements on the terminal and high compatibility.
  • it does not involve a CA or a third party, which reduces the cost of buying a certificate from a third-party CA organization or building and maintaining a CA.
  • the self-signed digital certificate may further include: user information, and/or device information, and/or client information.
  • the user information includes: user identification, and/or user authentication credentials.
  • Completing the authentication of the device and/or client based on the information of the private key and the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform, includes:
  • When the client program starts, it sends a login request to the business platform;
  • When the private key corresponding to the current client user is called, the method further includes:
  • the biometric authentication or password authentication is used to protect the private key, and the private key is used to sign after the authentication is passed.
  • An embodiment of the present invention also provides a client authentication method. As shown in FIG. 2, the method is applied to a business platform and includes:
  • Step 201: Receive user information and self-signed digital certificate information sent by the client; the self-signed digital certificate is generated by the client and includes: device information and/or client information;
  • Step 202: Based on the private key generated by the client and the information of the self-signed digital certificate, and through interaction with the blockchain digital certificate system and the client, the device and/or client authentication is completed.
  • Completing the authentication of the device and/or client based on the private key generated by the client and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the client, includes:
  • an embodiment of the present invention also provides a client authentication device. As shown in FIG. 3, the device is applied to a client, including:
  • the generating module 301 is configured to generate a public-private key pair and a self-signed digital certificate, where the self-signed digital certificate includes: device information and/or client information;
  • the sending module 302 is configured to send the self-signed digital certificate to the blockchain digital certificate system for the blockchain digital certificate system to verify and record the self-signed digital certificate, and to send the user information and the information of the self-signed digital certificate to the business platform;
  • the first authentication module 303 is configured to complete the authentication of the device and/or client by interacting with the blockchain digital certificate system and the business platform based on the information of the private key and the self-signed digital certificate.
  • the self-signed digital certificate includes: user information, and/or device information, and/or client information.
  • the user information includes: user identification, and/or user authentication credentials.
  • Completing, by the first authentication module 303, the authentication of the device and/or client based on the information of the private key and the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform, includes:
  • When the client program starts, it sends a login request to the business platform;
  • When the first authentication module 303 calls the private key corresponding to the current client user, it is also configured to protect the private key by means of biometric authentication or password authentication; the private key is called for signing only after the authentication is passed.
  • An embodiment of the present invention also provides a client authentication device. As shown in FIG. 4, the device is applied to a business platform and includes:
  • the receiving module 401 is configured to receive user information and self-signed digital certificate information sent by the client; the self-signed digital certificate is generated by the client and includes: device information and/or client information;
  • the second authentication module 402 is configured to complete the authentication of the device and/or client through interaction with the blockchain digital certificate system and the client, based on the private key generated by the client and the information of the self-signed digital certificate.
  • Completing, by the second authentication module 402, the authentication of the device and/or client based on the private key generated by the client and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the client, includes:
  • An embodiment of the present invention also provides a client authentication device, which includes: a processor and a memory for storing a computer program that can run on the processor,
  • the self-signed digital certificate includes: device information, and/or client information;
  • the authentication of the device and/or client is completed.
  • the self-signed digital certificate includes: user information, and/or device information, and/or client information.
  • When completing the authentication of the device and/or client based on the information of the private key and the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform, the processor is also configured to execute, when running the computer program:
  • When the client program starts, it sends a login request to the business platform;
  • the biometric authentication or password authentication is used to protect the private key, and the private key is used to sign after the authentication is passed.
  • An embodiment of the present invention also provides a client authentication device, which includes: a processor and a memory for storing a computer program that can run on the processor,
  • the self-signed digital certificate is generated by the client and includes: device information and/or client information;
  • When the device provided in the above embodiment performs client authentication, only the above division of program modules is used as an example for illustration. The above processing may be allocated to different program modules according to needs; that is, the internal structure of the device is divided into different program modules to complete all or part of the processing described above.
  • the device provided in the above embodiment and the corresponding method embodiment belong to the same concept. For the specific implementation process, refer to the method embodiment, and details are not described here.
  • an embodiment of the present invention also provides a computer-readable storage medium.
  • the computer-readable storage medium may be FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface memory, optical disk, CD-ROM or other storage; it can also be a variety of devices including one or any combination of the above storages, such as mobile phones, computers, tablet devices, personal digital assistants, etc.
  • An embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored.
  • the computer program executes:
  • the self-signed digital certificate includes: device information, and/or client information;
  • the authentication of the device and/or client is completed.
  • the self-signed digital certificate includes: user information, and/or device information, and/or client information.
  • When completing the authentication of the device and/or client based on the information of the private key and the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform, the computer program, when run by the processor, also executes:
  • When the client program starts, it sends a login request to the business platform;
  • the biometric authentication or password authentication is used to protect the private key, and the private key is used to sign after the authentication is passed.
  • An embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored.
  • the computer program executes:
  • the self-signed digital certificate is generated by the client and includes: device information and/or client information;
  • This embodiment provides a method of generating and using a client self-signed digital certificate.
  • the client generates and configures a digital certificate by itself, and the business platform (or server) binds the user and/or device with the digital certificate, so that the digital certificate can be used to authenticate the client user and/or device.
  • This embodiment is a client self-signed digital certificate generation, sending and binding process, including:
  • Step 1: When the client software is installed on the device, the client generates a public and private key pair and generates a self-signed digital certificate.
  • The self-signed digital certificate may also include device information and/or client information, where the device information is, for example, the device serial number or device fingerprint information, and the client information is, for example, the version number.
  • Step 2: The client sends the self-signed digital certificate to the blockchain digital certificate system.
  • The blockchain digital certificate system is an existing technology.
  • The nodes in the blockchain digital certificate system verify the self-signed digital certificate and, after consensus, record it in the blockchain digital certificate system.
  • The blockchain digital certificate system is shown in FIG. 5, where the client in this embodiment corresponds to the certificate user/device and the business platform in this embodiment corresponds to the verifier; this will not be described in detail.
  • Step 3: When the user successfully logs in to the installed client for the first time, the client sends the user information and certificate information (which can be a complete certificate, a certificate ID, a hash value of the certificate, or other information that can identify the digital certificate) to the business platform.
  • Step 4: The business platform records the correspondence between user information and certificate information.
  • Because the self-signed digital certificate is generated when the client is installed, it does not contain user information. If multiple users use the same client on the same device, multiple users will correspond to the same digital certificate, and when the client is used, users cannot be distinguished by the certificate information alone. Other information is needed to distinguish users, such as local biometric verification or password verification.
  • the second embodiment can also be used to solve the above user authentication problem.
  • This embodiment is a client self-signed digital certificate generation, sending and binding process, including:
  • Step 1: Install the client software on the device.
  • Step 2: When the user successfully logs in to the installed client for the first time, the client generates a public and private key pair and generates a self-signed digital certificate.
  • The self-signed digital certificate may also include user information and/or device information and/or client information, where the user information is, for example, a user ID; the device information is, for example, the device serial number or device fingerprint information; and the client information is, for example, the version number.
  • Step 3: The client sends the self-signed digital certificate to the blockchain digital certificate system.
  • The blockchain digital certificate system is an existing technology.
  • The nodes in the system verify the self-signed digital certificate and, after consensus, record it in the blockchain system.
  • Step 4: The client sends the user information and certificate information (which can be a complete certificate, a certificate ID, a hash value of the certificate, or other information that can identify the digital certificate) to the business platform.
  • Step 5: The business platform records the correspondence between user information and certificate information.
  • This embodiment is a client automatic login process. After the above client certificate generation, sending, and binding processes are completed, the business platform has recorded the correspondence between user information and certificate information.
  • the process includes:
  • Step 1: When the user starts the client program, the client sends a login request to the business platform;
  • Step 2: After receiving the login request, the business platform sends a random number to the client;
  • Step 3: The client calls the private key corresponding to the current client user to sign the received random number, and sends the current client user's certificate information and the signature result to the business platform, where the certificate information can be a complete digital certificate, or a certificate ID, hash value or other information that can identify the certificate;
  • When the private key is invoked, it can also be protected by biometric authentication or password authentication, so that the private key can be invoked for signing only when the authentication is passed.
  • Step 4: The business platform uses the blockchain digital certificate system to verify the digital certificate. The verification includes checking that the certificate has not been revoked and that the certificate is within its validity period. If the complete digital certificate was not included in step 3, the business platform can also use the blockchain digital certificate system to find the complete digital certificate.
  • Step 5: The business platform verifies the digital signature of the client. If the signature is correct, the corresponding user and/or device and/or client are found according to the digital certificate, thereby realizing the authentication of the user and/or device and/or client.
  • The client generates and configures the digital certificate by itself without introducing a CA or a third party.
  • The business platform (or server) binds the user and/or device with the digital certificate, so that authentication of the client user and/or device can be implemented through the digital certificate, providing users with personalized services and improving user experience. Compared with password authentication, it avoids the risk of password storage and transmission as well as the risk of weak passwords, improving security. Compared with biometric authentication, it has lower requirements on the terminal and high compatibility. Compared with the traditional certificate method, it does not involve a CA or a third party, which reduces the cost of buying a certificate from a third-party CA organization or building and maintaining a CA.
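The certificate generation, binding and automatic login steps described above, as an added Go example that is not code from the patent. `Ledger` is a hypothetical in-memory stand-in for the blockchain digital certificate system; the mapping of device and client information onto Subject fields, the P-256/SHA-256 choice and the single-use bookkeeping for the random number are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Ledger is a hypothetical in-memory stand-in for the blockchain digital certificate system.
type Ledger struct {
	certs   map[[32]byte][]byte // SHA-256 of the certificate -> recorded DER certificate
	revoked map[[32]byte]bool
}

// Record verifies the self-signature, then records the certificate under its hash.
func (l *Ledger) Record(der []byte) (id [32]byte, err error) {
	c, err := x509.ParseCertificate(der)
	if err == nil {
		err = c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature)
	}
	if err == nil {
		id = sha256.Sum256(der)
		l.certs[id] = append([]byte(nil), der...)
	}
	return id, err
}

// NewClientCert is the client side: key pair plus self-signed certificate (Subject mapping assumed).
func NewClientCert(deviceSerial, clientVersion string, now time.Time) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{SerialNumber: deviceSerial, CommonName: "client " + clientVersion},
		NotBefore:    now.Add(-time.Minute),
		NotAfter:     now.Add(365 * 24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err
}

// SignNonce is the client's answer to the random number sent by the platform.
func SignNonce(key *ecdsa.PrivateKey, nonce [32]byte) ([]byte, error) {
	d := sha256.Sum256(nonce[:])
	return ecdsa.SignASN1(rand.Reader, key, d[:])
}

// Platform is the business platform (the verifier).
type Platform struct {
	ledger  *Ledger
	binding map[[32]byte]string // certificate hash -> user ID, recorded at first login
	pending map[[32]byte]bool   // random numbers issued and not yet answered
}

func (p *Platform) Challenge() (n [32]byte, err error) {
	_, err = rand.Read(n[:])
	p.pending[n] = err == nil
	return n, err
}

// Login accepts each random number once, checks the ledger record, then the signature, then the binding.
func (p *Platform) Login(nonce, id [32]byte, sig []byte, now time.Time) (string, error) {
	if !p.pending[nonce] {
		return "", errors.New("unknown or already used random number")
	}
	delete(p.pending, nonce)
	c, err := x509.ParseCertificate(p.ledger.certs[id]) // fails when the ledger has no such record
	if err != nil || p.ledger.revoked[id] || now.Before(c.NotBefore) || now.After(c.NotAfter) {
		return "", errors.New("certificate not recorded, revoked or outside validity period")
	}
	pub, ok := c.PublicKey.(*ecdsa.PublicKey)
	if d := sha256.Sum256(nonce[:]); !ok || !ecdsa.VerifyASN1(pub, d[:], sig) {
		return "", errors.New("signature does not verify")
	}
	if user, ok := p.binding[id]; ok {
		return user, nil
	}
	return "", errors.New("certificate not bound to a user")
}

func main() {
	l := &Ledger{map[[32]byte][]byte{}, map[[32]byte]bool{}}
	p := &Platform{l, map[[32]byte]string{}, map[[32]byte]bool{}}
	key, der, _ := NewClientCert("SN-CONSTRUCTED-0001", "1.0.0", time.Now()) // constructed values
	id, _ := l.Record(der)
	p.binding[id] = "user-constructed-01"
	nonce, _ := p.Challenge()
	sig, _ := SignNonce(key, nonce)
	fmt.Println(p.Login(nonce, id, sig, time.Now()))
}
```

The client signs the SHA-256 of the random number rather than the raw value, so the platform cannot use the login exchange to obtain a signature over a digest of its own choosing.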

Abstract

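Embodiments of the present invention provide a client authentication method, an apparatus, and a computer-readable storage medium. The method includes: generating a public-private key pair and a self-signed digital certificate, where the self-signed digital certificate includes device information and/or client information; sending the self-signed digital certificate to a blockchain digital certificate system, so that the blockchain digital certificate system verifies and records the self-signed digital certificate; sending user information and information of the self-signed digital certificate to a business platform; and completing authentication of the device and/or client based on the private key and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform.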

Description

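A client authentication method, apparatus, and computer-readable storage medium
Technical Field
Embodiments of the present invention relate to the field of mobile communication technology, and in particular to a client authentication method, an apparatus, and a computer-readable storage medium.
Background
With the spread of smart mobile terminals, more and more client applications (APPs) are installed on them. These client applications are used in many fields such as social networking, work, travel, and finance, and most of them hold large amounts of sensitive user data, so security problems are very prominent. As key information for using a client application, the authentication data with which a user logs in to the client application requires strict security protection.
There are currently several common client login authentication methods, such as static password authentication, dynamic password authentication, digital certificates, and biometric authentication. So that users need not perform a login operation every time they use the client while security is still ensured, the server still has to authenticate the user. Current client login authentication methods have various shortcomings: static passwords are at risk of being cracked by password dictionaries or brute force; dynamic password authentication is only suitable for authenticating mobile phone numbers, which limits its application; the digital certificate method requires applying to a certificate authority (CA) for a certificate, security is not guaranteed, and the cost is high; biometric authentication requires biometric information to be collected in advance, which limits its application.
Summary
In view of this, embodiments of the present invention are intended to provide a client authentication method, an apparatus, and a computer-readable storage medium.
To achieve the above objective, the technical solutions of the embodiments of the present invention are implemented as follows:
An embodiment of the present invention provides a client authentication method, applied to a client, including:
generating a public-private key pair and a self-signed digital certificate, where the self-signed digital certificate includes device information and/or client information;
sending the self-signed digital certificate to a blockchain digital certificate system, so that the blockchain digital certificate system verifies and records the self-signed digital certificate;
sending user information and information of the self-signed digital certificate to a business platform;
completing authentication of the device and/or client based on the private key and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform.
The self-signed digital certificate includes: user information, and/or device information, and/or client information.
The user information includes: a user identity identifier and/or a user authentication credential.
Completing authentication of the device and/or client based on the private key and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform, includes:
when the client program starts, sending a login request to the business platform;
invoking the private key corresponding to the current client user to sign the random number sent by the business platform, and sending the current client user's certificate information and the signature result to the business platform, so that the business platform authenticates the device and/or client.
Optionally, when the private key corresponding to the current client user is invoked, the method further includes:
protecting the private key by biometric authentication or password authentication, and invoking the private key for signing only after that authentication passes.
An embodiment of the present invention further provides a client authentication method, applied to a business platform, including:
receiving user information and information of a self-signed digital certificate sent by a client, where the self-signed digital certificate is generated by the client and includes device information and/or client information;
completing authentication of the device and/or client based on the private key generated by the client and the information of the self-signed digital certificate, through interaction with a blockchain digital certificate system and the client.
Completing authentication of the device and/or client based on the private key generated by the client and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the client, includes:
receiving a login request sent by the client;
sending a random number to the client, the random number being for the client to sign;
receiving the certificate information of the corresponding user and the signature result sent by the client, and carrying out the subsequent device and/or client authentication procedure.
An embodiment of the present invention further provides a client authentication apparatus, applied to a client, including:
a generation module, configured to generate a public-private key pair and a self-signed digital certificate, where the self-signed digital certificate includes device information and/or client information;
a sending module, configured to send the self-signed digital certificate to a blockchain digital certificate system, so that the blockchain digital certificate system verifies and records the self-signed digital certificate, and to send user information and information of the self-signed digital certificate to a business platform;
a first authentication module, configured to complete authentication of the device and/or client based on the private key and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform.
An embodiment of the present invention further provides a client authentication apparatus, applied to a business platform, including:
a receiving module, configured to receive user information and information of a self-signed digital certificate sent by a client, where the self-signed digital certificate is generated by the client and includes device information and/or client information;
a second authentication module, configured to complete authentication of the device and/or client based on the private key generated by the client and the information of the self-signed digital certificate, through interaction with a blockchain digital certificate system and the client.
An embodiment of the present invention further provides a client authentication apparatus, including a processor and a memory for storing a computer program capable of running on the processor,
where the processor is configured to perform the steps of the above methods when running the computer program.
An embodiment of the present invention further provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above methods.
In the client authentication method, apparatus, and computer-readable storage medium provided by the embodiments of the present invention, a public-private key pair and a self-signed digital certificate are generated, where the self-signed digital certificate includes device information and/or client information; the self-signed digital certificate is sent to a blockchain digital certificate system, so that the blockchain digital certificate system verifies and records it; user information and information of the self-signed digital certificate are sent to a business platform; and authentication of the device and/or client is completed based on the private key and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform. In the embodiments of the present invention, the client generates and configures the digital certificate itself, without introducing a CA or a third party, and the business platform (also called the server) binds (stores) the user and/or device to the digital certificate, so that the client user and/or device can be authenticated through the digital certificate, which provides users with personalized services and improves user experience. Compared with password authentication, this avoids the risks of storing and transmitting passwords as well as the risk of weak passwords, improving security; compared with biometric authentication, it places lower requirements on the terminal and has high compatibility; compared with the traditional certificate method, it involves no CA or third party, which reduces the cost of buying certificates from a third-party CA organization or of building and maintaining a CA.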
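Brief Description of the Drawings
Figure 1 is a first schematic flowchart of the client authentication method according to an embodiment of the present invention;
Figure 2 is a second schematic flowchart of the client authentication method according to an embodiment of the present invention;
Figure 3 is a first schematic structural diagram of the client authentication apparatus according to an embodiment of the present invention;
Figure 4 is a second schematic structural diagram of the client authentication apparatus according to an embodiment of the present invention;
Figure 5 is a schematic diagram of the blockchain-based digital certificate system according to an embodiment of the present invention.
Detailed Description
The present invention is described below with reference to the drawings and embodiments.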
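An embodiment of the present invention provides a client authentication method. As shown in Figure 1, the method is applied to a client and includes:
Step 101: generating a public-private key pair and a self-signed digital certificate, where the self-signed digital certificate includes device information and/or client information;
Step 102: sending the self-signed digital certificate to a blockchain digital certificate system, so that the blockchain digital certificate system verifies and records the self-signed digital certificate;
Step 103: sending user information and information of the self-signed digital certificate to a business platform;
Step 104: completing authentication of the device and/or client based on the private key and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform.
Here, the public key is carried in the self-signed digital certificate, and the private key is used to sign the self-signed digital certificate (which already contains the public key information); the signature result is also carried in the self-signed digital certificate (that is, the client signs with the private key, and the business platform verifies the signature with the self-signed digital certificate). This is related art and is not described further below.
In the embodiments of the present invention, the client generates and configures the digital certificate itself, without introducing a CA or a third party, and the business platform (also called the server) binds (stores) the user and/or device to the digital certificate, so that the client user and/or device can be authenticated through the digital certificate, which provides users with personalized services and improves user experience. Compared with password authentication, this avoids the risks of storing and transmitting passwords as well as the risk of weak passwords, improving security; compared with biometric authentication, it places lower requirements on the terminal and has high compatibility; compared with the traditional certificate method, it involves no CA or third party, which reduces the cost of buying certificates from a third-party CA organization or of building and maintaining a CA.
In one embodiment, the self-signed digital certificate may further include: user information, and/or device information, and/or client information.
In the embodiments of the present invention, the user information includes: a user identity identifier and/or a user authentication credential.
In the embodiments of the present invention, completing authentication of the device and/or client based on the private key and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform, includes:
when the client program starts, sending a login request to the business platform;
invoking the private key corresponding to the current client user to sign the random number sent by the business platform, and sending the current client user's certificate information and the signature result to the business platform, so that the business platform authenticates the device and/or client.
In one embodiment, when the private key corresponding to the current client user is invoked, the method further includes:
protecting the private key by biometric authentication or password authentication, and invoking the private key for signing only after that authentication passes.
An embodiment of the present invention further provides a client authentication method. As shown in Figure 2, the method is applied to a business platform and includes:
Step 201: receiving user information and information of a self-signed digital certificate sent by a client, where the self-signed digital certificate is generated by the client and includes device information and/or client information;
Step 202: completing authentication of the device and/or client based on the private key generated by the client and the information of the self-signed digital certificate, through interaction with a blockchain digital certificate system and the client.
In the embodiments of the present invention, completing authentication of the device and/or client based on the private key generated by the client and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the client, includes:
receiving a login request sent by the client;
sending a random number to the client, the random number being for the client to sign;
receiving the certificate information of the corresponding user and the signature result sent by the client, and carrying out the subsequent device and/or client authentication procedure.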
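To implement the above method, an embodiment of the present invention further provides a client authentication apparatus. As shown in Figure 3, the apparatus is applied to a client and includes:
a generation module 301, configured to generate a public-private key pair and a self-signed digital certificate, where the self-signed digital certificate includes device information and/or client information;
a sending module 302, configured to send the self-signed digital certificate to a blockchain digital certificate system, so that the blockchain digital certificate system verifies and records the self-signed digital certificate, and to send user information and information of the self-signed digital certificate to a business platform;
a first authentication module 303, configured to complete authentication of the device and/or client based on the private key and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform.
In the embodiments of the present invention, the self-signed digital certificate includes: user information, and/or device information, and/or client information.
In the embodiments of the present invention, the user information includes: a user identity identifier and/or a user authentication credential.
In the embodiments of the present invention, the first authentication module 303 completing authentication of the device and/or client based on the private key and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform, includes:
when the client program starts, sending a login request to the business platform;
invoking the private key corresponding to the current client user to sign the random number sent by the business platform, and sending the current client user's certificate information and the signature result to the business platform, so that the business platform authenticates the device and/or client.
In the embodiments of the present invention, when the first authentication module 303 invokes the private key corresponding to the current client user, it is further configured to protect the private key by biometric authentication or password authentication, and to invoke the private key for signing only after that authentication passes.
An embodiment of the present invention further provides a client authentication apparatus. As shown in Figure 4, the apparatus is applied to a business platform and includes:
a receiving module 401, configured to receive user information and information of a self-signed digital certificate sent by a client, where the self-signed digital certificate is generated by the client and includes device information and/or client information;
a second authentication module 402, configured to complete authentication of the device and/or client based on the private key generated by the client and the information of the self-signed digital certificate, through interaction with a blockchain digital certificate system and the client.
In the embodiments of the present invention, the second authentication module 402 completing authentication of the device and/or client based on the private key generated by the client and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the client, includes:
receiving a login request sent by the client;
sending a random number to the client, the random number being for the client to sign;
receiving the certificate information of the corresponding user and the signature result sent by the client, and carrying out the subsequent device and/or client authentication procedure.
An embodiment of the present invention further provides a client authentication apparatus, including a processor and a memory for storing a computer program capable of running on the processor,
where the processor is configured to perform the following when running the computer program:
generating a public-private key pair and a self-signed digital certificate, where the self-signed digital certificate includes device information and/or client information;
sending the self-signed digital certificate to a blockchain digital certificate system, so that the blockchain digital certificate system verifies and records the self-signed digital certificate;
sending user information and information of the self-signed digital certificate to a business platform;
completing authentication of the device and/or client based on the private key and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform.
The self-signed digital certificate includes: user information, and/or device information, and/or client information.
When completing authentication of the device and/or client based on the private key and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform, the processor is further configured to perform the following when running the computer program:
when the client program starts, sending a login request to the business platform;
invoking the private key corresponding to the current client user to sign the random number sent by the business platform, and sending the current client user's certificate information and the signature result to the business platform, so that the business platform authenticates the device and/or client.
When invoking the private key corresponding to the current client user, the processor is further configured to perform the following when running the computer program:
protecting the private key by biometric authentication or password authentication, and invoking the private key for signing only after that authentication passes.
An embodiment of the present invention further provides a client authentication apparatus, including a processor and a memory for storing a computer program capable of running on the processor,
where the processor is configured to perform the following when running the computer program:
receiving user information and information of a self-signed digital certificate sent by a client, where the self-signed digital certificate is generated by the client and includes device information and/or client information;
completing authentication of the device and/or client based on the private key generated by the client and the information of the self-signed digital certificate, through interaction with a blockchain digital certificate system and the client.
When completing authentication of the device and/or client based on the private key generated by the client and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the client, the processor is further configured to perform the following when running the computer program:
receiving a login request sent by the client;
sending a random number to the client, the random number being for the client to sign;
receiving the certificate information of the corresponding user and the signature result sent by the client, and carrying out the subsequent device and/or client authentication procedure.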
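It should be noted that when the apparatus provided by the above embodiments performs client authentication, the division into the program modules described above is only an example. In practice, the processing may be assigned to different program modules as needed; that is, the internal structure of the device may be divided into different program modules to complete all or part of the processing described above. In addition, the apparatus provided by the above embodiments and the corresponding method embodiments belong to the same concept; for the specific implementation, see the method embodiments, which are not repeated here.
In an exemplary embodiment, an embodiment of the present invention further provides a computer-readable storage medium, which may be a memory such as FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface memory, an optical disc, or a CD-ROM; it may also be any of various devices that include one or any combination of the above memories, such as a mobile phone, a computer, a tablet device, or a personal digital assistant.
An embodiment of the present invention further provides a computer-readable storage medium storing a computer program which, when executed by a processor, performs:
generating a public-private key pair and a self-signed digital certificate, where the self-signed digital certificate includes device information and/or client information;
sending the self-signed digital certificate to a blockchain digital certificate system, so that the blockchain digital certificate system verifies and records the self-signed digital certificate;
sending user information and information of the self-signed digital certificate to a business platform;
completing authentication of the device and/or client based on the private key and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform.
The self-signed digital certificate includes: user information, and/or device information, and/or client information.
When completing authentication of the device and/or client based on the private key and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform, the computer program, when run by the processor, further performs:
when the client program starts, sending a login request to the business platform;
invoking the private key corresponding to the current client user to sign the random number sent by the business platform, and sending the current client user's certificate information and the signature result to the business platform, so that the business platform authenticates the device and/or client.
When invoking the private key corresponding to the current client user, the computer program, when run by the processor, further performs:
protecting the private key by biometric authentication or password authentication, and invoking the private key for signing only after that authentication passes.
An embodiment of the present invention further provides a computer-readable storage medium storing a computer program which, when executed by a processor, performs:
receiving user information and information of a self-signed digital certificate sent by a client, where the self-signed digital certificate is generated by the client and includes device information and/or client information;
completing authentication of the device and/or client based on the private key generated by the client and the information of the self-signed digital certificate, through interaction with a blockchain digital certificate system and the client.
When completing authentication of the device and/or client based on the private key generated by the client and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the client, the computer program, when run by the processor, further performs:
receiving a login request sent by the client;
sending a random number to the client, the random number being for the client to sign;
receiving the certificate information of the corresponding user and the signature result sent by the client, and carrying out the subsequent device and/or client authentication procedure.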
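The present invention is described below with reference to scenario embodiments.
This embodiment gives a method for generating and using a client self-signed digital certificate. The client generates and configures the digital certificate itself, and the business platform (also called the server) binds the user and/or device to the digital certificate, so that the client user and/or device can be authenticated through the digital certificate.
Embodiment 1
This embodiment is the procedure for generating, sending, and binding the client self-signed digital certificate, and includes:
Step 1: When the client software is installed on the device, the client generates a public-private key pair and a self-signed digital certificate.
Optionally, to bind the client to the device, the self-signed digital certificate may also include device information and/or client information, where the device information is, for example, the device serial number or device fingerprint information, and the client information is, for example, the version number.
Step 2: The client sends the self-signed digital certificate to the blockchain digital certificate system.
The blockchain digital certificate system is existing technology: nodes in the blockchain digital certificate system verify the self-signed digital certificate and, after reaching consensus, record it in the blockchain digital certificate system. The blockchain-based digital certificate system is shown in Figure 5, where the client in this embodiment corresponds to the certificate user/device and the business platform in this embodiment corresponds to the verifier; details are not repeated here.
Step 3: When the user first logs in successfully to the installed client, the client sends the user information and the certificate information (which can be the complete certificate, the certificate ID, the hash value of the certificate, or other information that identifies the digital certificate) to the business platform.
Step 4: The business platform records the correspondence between the user information and the certificate information.
Here, because the self-signed digital certificate is generated when the client is installed, it contains no user information. If several users use the same client on the same device, they will all correspond to the same digital certificate; when the client logs in with the certificate, the certificate information alone cannot distinguish the users, and other information is needed to do so, such as local biometric verification or password verification. Alternatively, Embodiment 2 below can be used to solve this user authentication problem.
Embodiment 2
This embodiment is the procedure for generating, sending, and binding the client self-signed digital certificate, and includes:
Step 1: The client software is installed on the device;
Step 2: When the user first logs in successfully to the installed client, the client generates a public-private key pair and a self-signed digital certificate.
Here, to bind the certificate to the user and/or device and/or client, the self-signed digital certificate may also include user information and/or device information and/or client information, where the user information is, for example, the user ID; the device information is, for example, the device serial number or device fingerprint information; and the client information is, for example, the version number.
Step 3: The client sends the self-signed digital certificate to the blockchain digital certificate system.
The blockchain digital certificate system is existing technology: nodes in the system verify the self-signed digital certificate and, after reaching consensus, record it in the blockchain system.
Step 4: The client sends the user information and the certificate information (which can be the complete certificate, the certificate ID, the hash value of the certificate, or other information that identifies the digital certificate) to the business platform.
Step 5: The business platform records the correspondence between the user information and the certificate information.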
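Embodiment 3
This embodiment is the client automatic login procedure. Once the client certificate generation, sending, and binding procedure above has completed, the business platform has recorded the correspondence between the user information and the certificate information. The procedure includes:
Step 1: When the user starts the client program, the client sends a login request to the business platform;
Step 2: After receiving the login request, the business platform sends a random number to the client;
Step 3: The client invokes the private key corresponding to the current client user to sign the received random number, and sends the current client user's certificate information and the signature result to the business platform, where the certificate information can be the complete digital certificate, or the certificate ID, hash value, or other information that identifies the certificate;
Optionally, when the private key is invoked, it can also be protected by biometric authentication, password authentication, or similar means, so that the private key can be invoked for signing only when that authentication passes.
Step 4: The business platform uses the blockchain digital certificate system to verify the digital certificate; the verification includes that the certificate has not been revoked, that the certificate is within its validity period, and so on. If the complete digital certificate was not included in step 3, the business platform can also use the blockchain digital certificate system to look up the complete digital certificate.
Step 5: The business platform verifies the client's digital signature. If the signature is correct, the corresponding user and/or device and/or client are found according to the digital certificate, thereby authenticating the user and/or device and/or client.
Steps 4 and 5 above can also follow the related art.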
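The certificate enrollment and automatic login procedures described above, as an added Go example that is not part of the patent text. The blockchain digital certificate system and the business platform are modelled as in-memory maps, and the function names, the Ed25519 key type, the SHA-256 hash used as certificate ID, the device serial and the user name are assumptions made for illustration; the caller supplies the random number.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Assumed in-memory stand-ins: certificate ledger, its revocation list, the platform's user bindings.
var ledger, revoked, users = map[[32]byte]*x509.Certificate{}, map[[32]byte]bool{}, map[[32]byte]string{}

// NewClient makes the key pair and self-signed certificate; the private key is reachable only via sign.
func NewClient(device string) (sign func([]byte) []byte, der []byte, err error) {
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{SerialNumber: device},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour)}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err == nil {
		der, err = x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	}
	return func(nonce []byte) []byte { return ed25519.Sign(priv, nonce) }, der, err
}

// Enroll checks the self-signature as a ledger node would, records the certificate and binds the user.
func Enroll(der []byte, user string) ([32]byte, error) {
	id := sha256.Sum256(der) // the certificate hash serves as the certificate ID
	c, err := x509.ParseCertificate(der)
	if err != nil || c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) != nil {
		return id, fmt.Errorf("not a well-formed self-signed certificate")
	}
	ledger[id], users[id] = c, user
	return id, nil
}

// Login is steps 4 and 5: ledger lookup, revocation and validity checks, then the nonce signature.
func Login(id [32]byte, nonce, sig []byte) (string, error) {
	c, now := ledger[id], time.Now()
	if c == nil || revoked[id] || now.Before(c.NotBefore) || now.After(c.NotAfter) {
		return "", fmt.Errorf("certificate unknown, revoked or outside its validity period")
	}
	if pub, ok := c.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, nonce, sig) {
		return "", fmt.Errorf("signature over the random number does not verify")
	}
	return users[id], nil
}

func main() {
	sign, der, _ := NewClient("SN-0001") // constructed device serial; "alice" is a constructed user
	id, _ := Enroll(der, "alice")
	fmt.Println(Login(id, []byte("nonce-1"), sign([]byte("nonce-1")))) // constructed random number
}
```

A signature made over a different random number, or by another client's key, fails the second check in `Login`, and setting `revoked[id]` makes the same login fail at the first check.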
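In this embodiment, the client generates and configures the digital certificate itself, without introducing a CA or a third party, and the business platform (also called the server) binds the user and/or device to the digital certificate, so that the client user and/or device can be authenticated through the digital certificate, which provides users with personalized services and improves user experience. Compared with password authentication, this avoids the risks of storing and transmitting passwords as well as the risk of weak passwords, improving security; compared with biometric authentication, it places lower requirements on the terminal and has high compatibility; compared with the traditional certificate method, it involves no CA or third party, which reduces the cost of buying certificates from a third-party CA organization or of building and maintaining a CA.
The above are only preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.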

Claims (11)

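  1. A client authentication method, applied to a client, including:
    generating a public-private key pair and a self-signed digital certificate, where the self-signed digital certificate includes device information and/or client information;
    sending the self-signed digital certificate to a blockchain digital certificate system, so that the blockchain digital certificate system verifies and records the self-signed digital certificate;
    sending user information and information of the self-signed digital certificate to a business platform;
    completing authentication of the device and/or client based on the private key and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform.
  2. The method according to claim 1, where the self-signed digital certificate includes: user information, and/or device information, and/or client information.
  3. The method according to claim 1 or 2, where the user information includes: a user identity identifier and/or a user authentication credential.
  4. The method according to claim 1, where completing authentication of the device and/or client based on the private key and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform, includes:
    when the client program starts, sending a login request to the business platform;
    invoking the private key corresponding to the current client user to sign the random number sent by the business platform, and sending the current client user's certificate information and the signature result to the business platform, so that the business platform authenticates the device and/or client.
  5. The method according to claim 4, where, when the private key corresponding to the current client user is invoked, the method further includes:
    protecting the private key by biometric authentication or password authentication, and invoking the private key for signing only after that authentication passes.
  6. A client authentication method, applied to a business platform, including:
    receiving user information and information of a self-signed digital certificate sent by a client, where the self-signed digital certificate is generated by the client and includes device information and/or client information;
    completing authentication of the device and/or client based on the private key generated by the client and the information of the self-signed digital certificate, through interaction with a blockchain digital certificate system and the client.
  7. The method according to claim 6, where completing authentication of the device and/or client based on the private key generated by the client and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the client, includes:
    receiving a login request sent by the client;
    sending a random number to the client, the random number being for the client to sign;
    receiving the certificate information of the corresponding user and the signature result sent by the client, and carrying out the subsequent device and/or client authentication procedure.
  8. A client authentication apparatus, applied to a client, including:
    a generation module, configured to generate a public-private key pair and a self-signed digital certificate, where the self-signed digital certificate includes device information and/or client information;
    a sending module, configured to send the self-signed digital certificate to a blockchain digital certificate system, so that the blockchain digital certificate system verifies and records the self-signed digital certificate, and to send user information and information of the self-signed digital certificate to a business platform;
    a first authentication module, configured to complete authentication of the device and/or client based on the private key and the information of the self-signed digital certificate, through interaction with the blockchain digital certificate system and the business platform.
  9. A client authentication apparatus, applied to a business platform, including:
    a receiving module, configured to receive user information and information of a self-signed digital certificate sent by a client, where the self-signed digital certificate is generated by the client and includes device information and/or client information;
    a second authentication module, configured to complete authentication of the device and/or client based on the private key generated by the client and the information of the self-signed digital certificate, through interaction with a blockchain digital certificate system and the client.
  10. A client authentication apparatus, including a processor and a memory for storing a computer program capable of running on the processor,
    where the processor is configured, when running the computer program, to perform the steps of the method according to any one of claims 1-5, or the steps of the method according to claim 6 or 7.
  11. A computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the method according to any one of claims 1-5, or the steps of the method according to claim 6 or 7.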
PCT/CN2019/130864 2019-01-02 2019-12-31 A client authentication method, apparatus, and computer-readable storage medium WO2020140914A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910000434.4A CN111404859A (zh) 2019-01-02 2019-01-02 A client authentication method, apparatus, and computer-readable storage medium
CN201910000434.4 2019-01-02

Publications (1)

Publication Number Publication Date
WO2020140914A1 true WO2020140914A1 (zh) 2020-07-09

Family

ID=71407252

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/130864 WO2020140914A1 (zh) 2019-01-02 2019-12-31 A client authentication method, apparatus, and computer-readable storage medium

Country Status (2)

Country Link
CN (1) CN111404859A (zh)
WO (1) WO2020140914A1 (zh)


Also Published As

Publication number Publication date
CN111404859A (zh) 2020-07-10


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19907086

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 15/10/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 19907086

Country of ref document: EP

Kind code of ref document: A1