CN106656507B - Digital certificate method and device based on a mobile terminal
Abstract
The present invention provides a digital certificate method and device based on a mobile terminal. The method comprises: receiving a certificate request initiated by a user on a mobile terminal; judging, according to the user-side information in the certificate request, whether a hard medium certificate of the mobile terminal is stored locally; if the hard medium certificate of the mobile terminal is stored locally, obtaining a soft-medium certificate according to the hard medium certificate and the certificate request and sending it to the mobile terminal; verifying the signature of a file signed with the soft-medium certificate, and authenticating the mobile terminal according to the user-side information; when the file signature verification passes and the mobile terminal authentication passes, re-signing the signed file with the hard medium certificate; and verifying the file re-signed with the hard medium certificate and feeding the verification result back to the mobile terminal. The invention both solves the problem that soft-medium certificates offer low security and meets users' need for signatures made with a hard medium certificate.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a digital certificate method and device based on a mobile terminal.
Background art
With the spread of mobile technology, mobile terminals have become a necessity of work and daily life, and mobile office and mobile financial services have become a trend. Whether for signing mobile-office files or for mobile financial transactions, however, authentication by means of digital signature technology is required to ensure information security. In China's commercial cryptography system, for security reasons, commercial cryptography is required to use a hardware implementation based on SM2. Although a user may hold a compliant SM2 hardware certificate, most terminals have no SM2 crypto module and no dedicated interface for interacting with a hardware cryptographic key, so files or data cannot be signed and verified with an SM2 certificate, which limits the adoption of China's commercial cryptographic algorithms. On mobile terminals, signing is mostly done with a soft-medium certificate (such as an RSA certificate), or a hard medium certificate is used to sign on a device with a USB interface. Files and data on a mobile terminal cannot be securely converted into signed files based on a hard medium certificate (such as SM2), and a user who signs digitally with RSA on a mobile terminal and a user who signs with an SM2 certificate cannot interoperate or recognize each other because the certificate formats differ, even though in reality they are one entity.
Summary of the invention
To solve the above technical problems, the present invention provides a digital certificate method and device based on a mobile terminal.
In one aspect, an embodiment of the present invention provides a digital certificate method based on a mobile terminal, the digital certificate method comprising:
receiving a certificate request initiated by a user on a mobile terminal;
judging, according to the user-side information in the certificate request, whether a hard medium certificate of the mobile terminal is stored locally;
if the hard medium certificate of the mobile terminal is stored locally, obtaining a soft-medium certificate according to the hard medium certificate and the certificate request and sending it to the mobile terminal, so that the mobile terminal signs the file to be signed with the soft-medium certificate;
verifying the signature of the file signed with the soft-medium certificate, and authenticating the mobile terminal according to the user-side information;
when the file signature verification passes and the mobile terminal authentication passes, re-signing the signed file with the hard medium certificate;
verifying the file re-signed with the hard medium certificate and feeding the verification result back to the mobile terminal.
In another aspect, an embodiment of the present invention further provides an electronic authentication device based on a mobile terminal, the electronic authentication device comprising:
a certificate request receiving unit, for receiving a certificate request initiated by a user on a mobile terminal;
a judging unit, for judging, according to the user-side information in the certificate request, whether a hard medium certificate of the mobile terminal is stored locally;
a soft-medium certificate request unit, for obtaining a soft-medium certificate according to the hard medium certificate and the certificate request and sending it to the mobile terminal, so that the mobile terminal signs the file to be signed with the soft-medium certificate;
a signature verification and authentication unit, for verifying the signature of the file signed with the soft-medium certificate and authenticating the mobile terminal according to the user-side information;
a signature updating unit, for re-signing the signed file with the hard medium certificate;
a signature verification unit, for verifying the file re-signed with the hard medium certificate and feeding the verification result back to the mobile terminal.
The present invention associates the hard medium certificate with the soft-medium certificate on the basis of the characteristics of the mobile terminal and the user, and generates signed files based on the hard medium certificate. This achieves interconnection and interoperability of the same user's information, solves the problem that soft-medium certificates are easily stolen, allows hard medium certificates and soft-medium certificates to be used interoperably on the mobile terminal, and meets users' need for hard medium certificate signatures. Files or data are signed with the soft-medium certificate and transmitted, which ensures the integrity and non-repudiation of the information; at the same time, the certificate association information is transmitted in a secure manner and is used to match the hard medium certificate and confirm the authenticity of the user's identity; finally, signing with the hard medium certificate yields a more secure digitally signed file.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of the digital certificate method based on a mobile terminal according to an embodiment of the present invention;
Fig. 2 is a structural schematic diagram of the electronic authentication device based on a mobile terminal according to an embodiment of the present invention;
Fig. 3 is a flow diagram of certificate request and download according to an embodiment of the present invention;
Fig. 4 is a flow diagram of digital signing according to an embodiment of the present invention;
Fig. 5 is a flow diagram of signature verification according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of the connections between the authentication device, the user terminal and the digital certificate service organization according to an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Fig. 1 is a flow diagram of the digital certificate method based on a mobile terminal according to an embodiment of the present invention. As shown in Fig. 1, the method mainly comprises the following steps:
Step S1: receive the certificate request initiated by the user on the mobile terminal. Typically, the certificate request includes the user-side information of the requester and the user demand information. The user-side information may be, for example, the identity information of the mobile terminal and the user's information. Mobile terminals include, but are not limited to, mobile phones; the present invention is illustrated using a mobile phone only as an example, which is not a limitation of the invention. When the mobile terminal is a mobile phone, the identity information may be the phone's International Mobile Equipment Identity (IMEI), and the user's information may be the international mobile subscriber identity (IMSI, International Mobile Subscriber Identification Number) on the phone's SIM card. The user demand information generally includes the routine information used when applying for a certificate, such as the certificate type (personal or enterprise), user information (name, company, phone, address, etc.), certificate template (dual-certificate template, signing certificate template, encryption certificate template) and other information relevant to the certificate request.
Step S2: judge, according to the user-side information in the certificate request, whether a hard medium certificate of the mobile terminal is stored locally.
A hard medium certificate is a certificate kept on a dedicated hardware storage medium. For example, an SM2 certificate generated with the national cryptographic (SM) algorithms is a hard medium certificate and needs a dedicated crypto module to hold it: when a user handles online banking, to prevent loss of the certificate, the SM2 certificate can only be downloaded into a U-Key hardware device similar to a USB flash drive.
Step S3: if the hard medium certificate of the mobile terminal is stored locally, obtain a soft-medium certificate according to the hard medium certificate and the certificate request and send it to the mobile terminal, so that the mobile terminal signs the file to be signed with the soft-medium certificate.
Step S4: verify the signature of the file signed with the soft-medium certificate, and authenticate the mobile terminal according to the user-side information.
Step S5: when the file signature verification passes and the mobile terminal authentication passes, re-sign the signed file with the hard medium certificate.
Step S6: verify the file re-signed with the hard medium certificate and feed the verification result back to the mobile terminal.
This implementation of the present invention solves the problem that soft-medium certificates are easily stolen, allows hard medium certificates and soft-medium certificates to be used interoperably on the mobile terminal, and meets users' need for hard medium certificate signatures.
When the result of the judgment in step S2 is no, the mobile terminal has no hard medium certificate, and a hard medium certificate must be applied for according to the user demand information in the certificate request (step S7), where the user demand information includes the type of certificate applied for, the user information, the certificate template and so on.
In one embodiment, when the hard medium certificate is obtained in step S7, the user demand information is usually sent to the digital certificate service organization (Certificate Authority, CA) to apply for the hard medium certificate. After the hard medium certificate that the CA generates and issues according to the user demand information is obtained, it is stored in the crypto module and is not sent to the user's mobile terminal.
In one embodiment, when the soft-medium certificate of the mobile terminal is obtained in step S3, the fingerprint information of the mobile terminal's hard medium certificate is first associated with the mobile terminal's user-side information (terminal ID and user's information) to obtain the certificate association data. The certificate association data and the user demand information are then sent to the CA to apply for a soft-medium certificate. The user demand information here may be the same as or different from the information used when applying for the hard medium certificate, depending on the user's actual needs. Once the soft-medium certificate that the CA generates according to the association data and the user demand information has been obtained, it is sent to the corresponding user's mobile terminal, which completes the certificate request and download process.
After data or a file signed by the mobile terminal with the soft-medium certificate it applied for is received, the signature on the data or file must be verified using that soft-medium certificate, and terminal authentication and user authentication must be performed on the mobile terminal according to the terminal's ID and the user's information respectively. Only when the signature verification passes and both the terminal authentication and the user authentication pass is the soft-medium certificate signature on the data or file replaced using the mobile terminal's hard medium certificate, completing the hard medium certificate signature.
In one embodiment, when the file re-signed with the hard medium certificate is verified in step S6, the public key certificate of the CA must be obtained and used to verify the digital signature on the data or file re-signed with the hard medium certificate.
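The gate described in steps S3 to S6 (associate the hard medium certificate with IMEI and IMSI, verify the soft-medium signature, authenticate terminal and user, and only then re-sign with the hard key) can be shown in Go. This is an added example, not code from the patent; it assumes raw key pairs in place of CA-issued certificates, ECDSA P-256 as a stand-in for SM2 (which Go's standard library does not provide), and hypothetical names (`Platform`, `Enroll`, `Resign`, `VerifyHard`) with constructed IMEI/IMSI values.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

var (
	ErrUnknownTerminal = errors.New("terminal authentication failed: IMEI has no binding")
	ErrUserMismatch    = errors.New("user authentication failed: IMSI differs from binding")
	ErrBadSoftSig      = errors.New("soft-medium signature verification failed")
)

// Binding is the certificate association data for one terminal (hypothetical layout).
type Binding struct {
	IMSI            string
	HardFingerprint string            // SHA-256 of the hard public key, hex
	SoftPub         *rsa.PublicKey    // soft-medium key held by the terminal
	hardKey         *ecdsa.PrivateKey // never leaves the platform's crypto module
}

// Platform models the certificate verification platform; bindings are keyed by IMEI.
type Platform struct{ bindings map[string]Binding }

func NewPlatform() *Platform { return &Platform{bindings: map[string]Binding{}} }

// Enroll ties a new hard key's fingerprint to IMEI and IMSI (P-256 stands in for SM2).
func (p *Platform) Enroll(imei, imsi string, softPub *rsa.PublicKey) (string, error) {
	hard, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", err
	}
	der, err := x509.MarshalPKIXPublicKey(&hard.PublicKey)
	if err != nil {
		return "", err
	}
	fp := fmt.Sprintf("%x", sha256.Sum256(der))
	p.bindings[imei] = Binding{IMSI: imsi, HardFingerprint: fp, SoftPub: softPub, hardKey: hard}
	return fp, nil
}

// Resign is S4 and S5: authenticate terminal and user, verify the soft-medium
// signature, and only then sign the same digest with the hard key.
func (p *Platform) Resign(imei, imsi string, file, softSig []byte) ([]byte, error) {
	b, ok := p.bindings[imei]
	if !ok {
		return nil, ErrUnknownTerminal
	}
	if b.IMSI != imsi {
		return nil, ErrUserMismatch
	}
	digest := sha256.Sum256(file)
	if err := rsa.VerifyPKCS1v15(b.SoftPub, crypto.SHA256, digest[:], softSig); err != nil {
		return nil, ErrBadSoftSig
	}
	return ecdsa.SignASN1(rand.Reader, b.hardKey, digest[:])
}

// VerifyHard is S6: check the replacement signature against the hard public key.
func (p *Platform) VerifyHard(imei string, file, hardSig []byte) bool {
	b, ok := p.bindings[imei]
	digest := sha256.Sum256(file)
	return ok && ecdsa.VerifyASN1(&b.hardKey.PublicKey, digest[:], hardSig)
}

// NewSoftKey and SoftSign are the terminal side: an RSA soft-medium key.
func NewSoftKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func SoftSign(k *rsa.PrivateKey, file []byte) ([]byte, error) {
	digest := sha256.Sum256(file)
	return rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, digest[:])
}

func main() {
	const imei, imsi = "490154203237518", "001010123456789" // constructed sample IDs
	p, file := NewPlatform(), []byte("constructed contract text")
	soft, err := NewSoftKey()
	if err != nil {
		panic(err)
	}
	if _, err := p.Enroll(imei, imsi, &soft.PublicKey); err != nil {
		panic(err)
	}
	sig, err := SoftSign(soft, file)
	if err != nil {
		panic(err)
	}
	hardSig, err := p.Resign(imei, imsi, file, sig)
	fmt.Println("bound terminal:", err == nil && p.VerifyHard(imei, file, hardSig))
	_, err = p.Resign(imei, "001010999999999", file, sig) // same key, different SIM
	fmt.Println("different SIM:", err)
}
```

A valid soft-medium signature alone is not enough: the same signature presented with a different IMEI or IMSI is refused before the hard key is ever used.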
The embodiment of the present invention solves the problem that soft-medium certificates are easily stolen and allows hard medium certificates and soft-medium certificates to be used interoperably on the mobile terminal; that is, the embodiment both solves the problem that soft-medium certificates offer low security and meets users' need for signatures made with a hard medium certificate.
Based on the same inventive concept as the digital certificate method based on a mobile terminal shown in Fig. 1, an embodiment of the present invention further provides an electronic authentication device based on a mobile terminal, as described in the following embodiments. Because the principle by which this electronic authentication device solves the problem is similar to that of the digital certificate method based on a mobile terminal, the implementation of the device may refer to the implementation of the method, and what they have in common is not repeated.
Fig. 2 is a structural schematic diagram of the electronic authentication device based on a mobile terminal according to an embodiment of the present invention. As shown in Fig. 2, the authentication device mainly comprises: a certificate request receiving unit 1, a judging unit 2, a soft-medium certificate request unit 3, a signature verification and authentication unit 4, a signature updating unit 5 and a signature verification unit 6. The certificate request receiving unit 1 receives the certificate request initiated by the user on the mobile terminal. The judging unit 2 judges, according to the user-side information in the certificate request, whether a hard medium certificate of the mobile terminal is stored locally. The soft-medium certificate request unit 3 obtains a soft-medium certificate according to the hard medium certificate and the certificate request and sends it to the mobile terminal, so that the mobile terminal signs the file to be signed with the soft-medium certificate. The signature verification and authentication unit 4 verifies the signature of the file signed with the soft-medium certificate and authenticates the mobile terminal according to the user-side information. The signature updating unit 5 re-signs the signed file with the hard medium certificate. The signature verification unit 6 verifies the file re-signed with the hard medium certificate and feeds the verification result back to the mobile terminal.
The embodiment of the present invention solves the problem that soft-medium certificates are easily stolen and allows hard medium certificates and soft-medium certificates to be used interoperably on the mobile terminal.
In one embodiment, the soft-medium certificate request unit 3 generally includes an association module, a sending module and a receiving module. The association module associates the fingerprint information of the hard medium certificate with the user-side information to obtain the certificate association data. The sending module sends the certificate association data and the second user demand information to the digital certificate service organization to apply for a soft-medium certificate. The receiving module obtains the soft-medium certificate that the digital certificate service organization generates according to the certificate association data and the second user demand information.
In one embodiment, the signature verification unit 6 includes a public key acquisition module and a signature verification module. The public key acquisition module obtains the public key certificate of the digital certificate service organization, and the signature verification module uses that public key certificate to verify the digital signature on the file re-signed with the hard medium certificate.
In one embodiment, the authentication device further includes a hard medium certificate application unit 7 and a crypto module 8. The hard medium certificate application unit 7 obtains the hard medium certificate according to the first user demand information in the certificate request, the first user demand information including the type of certificate applied for, the user information and the certificate template. The crypto module 8 stores the hard medium certificate.
Typically, the hard medium certificate application unit 7 includes a sending module and a receiving module. The sending module sends the first user demand information to the digital certificate service organization to apply for the hard medium certificate, and the receiving module obtains the hard medium certificate that the digital certificate service organization generates according to the first user demand information.
By providing a digital certificate method and device based on a mobile terminal, the embodiment of the present invention solves the problem that soft-medium certificates are easily stolen and allows hard medium certificates and soft-medium certificates to be used interoperably on the mobile terminal.
For a better understanding of the beneficial effects of the digital certificate method and device based on a mobile terminal of the embodiments of the present invention, specific examples are described below.
Fig. 3 is a flow diagram of certificate request and download using the embodiment of the present invention. In a specific implementation, the electronic authentication device of the embodiment may take the form of a certificate verification platform. As shown in Fig. 3, when the user initiates a certificate request on the mobile terminal, the certificate verification platform receives the request, which contains data 1 and data 2 (step 1). Data 1 contains the terminal's IMEI number and the IMSI number on the user's SIM card. Data 2 mainly contains the routine information the user must provide to the CA when applying for a certificate, such as the certificate type, user contact details and certificate template. The certificate verification platform sends data 2 to the CA in a secure manner (step 2) to apply for a hard medium certificate (such as an SM2 certificate). After the CA issues the hard medium certificate, the certificate verification platform stores it in the local crypto module and obtains the certificate's fingerprint information. It associates this fingerprint information with data 1 to generate the certificate association data, and sends the certificate association information together with data 2 as the application information (step 3) to the CA in a secure manner to apply for a soft-medium certificate. After receiving the soft-medium certificate issued by the CA, the certificate verification platform sends it to the mobile terminal in a secure manner (step 4), completing the certificate request and download process. If the user's mobile terminal already has a hard medium certificate, the terminal only needs to obtain the soft-medium certificate according to steps 3 and 4 shown in Fig. 3.
Fig. 4 is a flow diagram of digital signing using the embodiment of the present invention. As shown in Fig. 4, when data or a file needs to be signed on the mobile terminal, the mobile terminal signs the data or file using the soft-medium certificate it obtained. The certificate verification platform then authenticates the terminal and the user according to the data 1 it holds, and uses the soft-medium certificate to verify the signature on the signed data or file and to judge whether the certificate matches the terminal. If the signature verification passes and the authentication of the terminal and the person passes, the platform replaces the soft-medium certificate signature using the hard medium certificate.
When the terminal signs data, signing the file or data with the soft-medium certificate ensures the security of the information. Because a soft-medium certificate is generally stored on removable media and can be freely copied and distributed, it cannot guarantee the true identity of the certificate holder. Data 1 authenticates the true identity of the certificate holder by binding the soft-medium certificate to the identity of the terminal and the person, thereby ensuring security.
Fig. 5 is a flow diagram of signature verification using the embodiment of the present invention. As shown in Fig. 5, after the hard medium certificate signature has been completed by the process shown in Fig. 4, the signature verification module of the certificate verification platform also needs to obtain the public key certificate from the CA, verify the digital signature on the data or file signed with the hard medium certificate, and return the verification result to the mobile terminal. Optionally, the signature verification module may be provided independently of the certificate verification platform of this embodiment; the embodiment is described with the certificate verification platform including the signature verification module only as an example, which is not a limitation of the present invention.
Fig. 6 is a schematic diagram of the connections between the authentication device, the user terminal and the digital certificate service organization according to an embodiment of the present invention. As shown in Fig. 6, the user of the mobile terminal is the party that needs the certificate or digital signature. To guarantee the security of the certificate verification platform, all transmitted data, whether certificate request data or signature data, must first undergo a simple virus scan by an antivirus server, and is passed to the certificate verification platform only if nothing abnormal is detected. The certificate verification platform performs the certificate request or signature replacement operation on the transmitted data. For a certificate request operation, the certificate verification platform interacts with the CA to apply for a hard medium certificate and/or a soft-medium certificate. For a digital signing operation, the certificate verification platform completes the signature replacement and returns the signed data to the mobile terminal. For a signature verification operation on a signed file or data, the signature verification module verifies the signature on the file or data and confirms the status of the user certificate (active, frozen, revoked). If the user certificate is active and the signature verification passes, a verification success result is returned; otherwise the signature verification fails.
By providing a digital certificate method and device based on a mobile terminal, the embodiment of the present invention solves the problem that soft-medium certificates are easily stolen and allows hard medium certificates and soft-medium certificates to be used interoperably on the mobile terminal.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system or a computer program product. The present invention may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) containing computer-usable program code.
The present invention be referring to according to the method for the embodiment of the present invention, the process of equipment (system) and computer program product
Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions
The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs
Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce
A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real
The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction device, the instruction device implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Specific embodiments are used in the present invention to describe its principle and implementation; the description of the above embodiments is intended only to help understand the method of the present invention and its core idea. At the same time, for those skilled in the art, the specific implementation and the scope of application will vary according to the idea of the present invention. In conclusion, the content of this specification should not be construed as limiting the present invention.
Claims (9)
1. A digital certificate method based on a mobile terminal, characterized in that the digital certificate method comprises:
Receiving a certificate application request initiated by a user on the mobile terminal;
Judging, according to the user terminal information in the certificate application request, whether a hard medium certificate of the mobile terminal is stored locally;
If the hard medium certificate of the mobile terminal is stored locally, applying for a soft medium certificate according to the hard medium certificate and the certificate application request and sending it to the mobile terminal, so that the mobile terminal signs the file to be signed using the soft medium certificate;
Verifying the signature of the file signed using the soft medium certificate, and authenticating the mobile terminal according to the user terminal information;
When the signature verification of the file passes and the authentication of the mobile terminal passes, signing the signed file again using the hard medium certificate;
Verifying the file signed again with the hard medium certificate and feeding the verification result back to the mobile terminal;
Wherein applying for the soft medium certificate according to the hard medium certificate and the certificate application request specifically comprises:
Associating the fingerprint information of the hard medium certificate with the user terminal information to obtain certificate associated data; sending the certificate associated data and second user demand information to a digital certificate service organization to apply for the soft medium certificate; and obtaining the soft medium certificate generated by the digital certificate service organization according to the certificate associated data and the second user demand information.
2. The digital certificate method based on a mobile terminal according to claim 1, characterized in that, when the result of judging, according to the user terminal information in the certificate application request, whether the hard medium certificate of the mobile terminal is stored locally is no, the digital certificate method further comprises:
Obtaining a hard medium certificate according to first user demand information in the certificate application request, the first user demand information comprising the type of certificate applied for, user information and a certificate template.
3. The digital certificate method based on a mobile terminal according to claim 2, characterized in that obtaining the hard medium certificate according to the first user demand information in the certificate application request specifically comprises:
Sending the first user demand information to the digital certificate service organization to apply for the hard medium certificate;
Obtaining the hard medium certificate generated by the digital certificate service organization according to the first user demand information.
4. The digital certificate method based on a mobile terminal according to claim 3, characterized in that the first user demand information is the same as or different from the second user demand information.
5. The digital certificate method based on a mobile terminal according to claim 1, characterized in that verifying the file signed again with the hard medium certificate specifically comprises:
Obtaining the public key certificate of the digital certificate service organization;
Performing digital signature verification, using the public key certificate, on the file signed again with the hard medium certificate.
6. An electronic authentication device based on a mobile terminal, characterized in that the electronic authentication device comprises:
A certificate application receiving unit, for receiving a certificate application request initiated by a user on the mobile terminal;
A judging unit, for judging, according to the user terminal information in the certificate application request, whether a hard medium certificate of the mobile terminal is stored locally;
A soft medium certificate application unit, for applying for a soft medium certificate according to the hard medium certificate and the certificate application request and sending it to the mobile terminal, so that the mobile terminal signs the file to be signed using the soft medium certificate;
A signature verification and authentication unit, for verifying the signature of the file signed using the soft medium certificate, and authenticating the mobile terminal according to the user terminal information;
A signature updating unit, for signing the signed file again using the hard medium certificate;
A signature verification unit, for verifying the file signed again with the hard medium certificate and feeding the verification result back to the mobile terminal;
Wherein the soft medium certificate application unit comprises: an association module, for associating the fingerprint information of the hard medium certificate with the user terminal information to obtain certificate associated data; a second sending module, for sending the certificate associated data and second user demand information to a digital certificate service organization to apply for the soft medium certificate; and a second receiving module, for obtaining the soft medium certificate generated by the digital certificate service organization according to the certificate associated data and the second user demand information.
7. The electronic authentication device based on a mobile terminal according to claim 6, characterized in that the electronic authentication device further comprises:
A hard medium certificate application unit, for obtaining a hard medium certificate according to first user demand information in the certificate application request, the first user demand information comprising the type of certificate applied for, user information and a certificate template;
A cryptographic module, for storing the hard medium certificate.
8. The electronic authentication device based on a mobile terminal according to claim 7, characterized in that the hard medium certificate application unit comprises:
A first sending module, for sending the first user demand information to the digital certificate service organization to apply for the hard medium certificate;
A first receiving module, for obtaining the hard medium certificate generated by the digital certificate service organization according to the first user demand information.
9. The electronic authentication device based on a mobile terminal according to claim 6, characterized in that the signature verification unit comprises:
A public key acquisition module, for obtaining the public key certificate of the digital certificate service organization;
A signature verification module, for performing digital signature verification, using the public key certificate, on the file signed again with the hard medium certificate.
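The flow recited in claim 1, as an added sketch that is not part of the patent text: Ed25519 key pairs stand in for the hard and soft medium certificates, the certificate associated data is assumed to be SHA-256 over the hard certificate fingerprint followed by the user terminal information, and issuance by the digital certificate service organization is omitted. The names SoftCert, associate, countersign and runFlow and all sample values are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// SoftCert stands in for a soft medium certificate (assumed layout, not X.509).
type SoftCert struct {
	Pub   ed25519.PublicKey
	Assoc [32]byte // "certificate associated data"
}

// associate binds the hard certificate fingerprint to the user terminal information.
func associate(hardPub ed25519.PublicKey, terminalInfo string) [32]byte {
	fp := sha256.Sum256(hardPub)
	return sha256.Sum256(append(fp[:], terminalInfo...))
}

// countersign verifies the soft signature and terminal binding, then re-signs file||softSig.
func countersign(hardPriv ed25519.PrivateKey, c SoftCert, terminalInfo string, file, softSig []byte) ([]byte, error) {
	if !ed25519.Verify(c.Pub, file, softSig) {
		return nil, fmt.Errorf("soft signature verification failed")
	}
	if associate(hardPriv.Public().(ed25519.PublicKey), terminalInfo) != c.Assoc {
		return nil, fmt.Errorf("terminal authentication failed")
	}
	return ed25519.Sign(hardPriv, bytes.Join([][]byte{file, softSig}, nil)), nil
}

// runFlow plays both sides on constructed data; true means the hard signature verified.
func runFlow(issuedTo, presentedBy string, tamper bool) (bool, error) {
	hardPub, hardPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	softPub, softPriv, _ := ed25519.GenerateKey(nil)
	cert := SoftCert{softPub, associate(hardPub, issuedTo)}
	file := []byte("constructed sample contract")
	softSig := ed25519.Sign(softPriv, file) // done on the mobile terminal
	if tamper {
		file = append(file, " (altered in transit)"...)
	}
	hardSig, err := countersign(hardPriv, cert, presentedBy, file, softSig)
	if err != nil {
		return false, err
	}
	return ed25519.Verify(hardPub, bytes.Join([][]byte{file, softSig}, nil), hardSig), nil
}

func main() { fmt.Println(runFlow("device-A", "device-A", false)) }
```

The hard signature is only produced after both checks pass, so a soft key copied to a different terminal, or a file altered after signing, never receives the second signature.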
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611049532.XA CN106656507B (en) | 2016-11-24 | 2016-11-24 | A kind of digital certificate method and device based on mobile terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106656507A CN106656507A (en) | 2017-05-10 |
CN106656507B true CN106656507B (en) | 2019-10-11 |
Family
ID=58811806
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611049532.XA Active CN106656507B (en) | 2016-11-24 | 2016-11-24 | A kind of digital certificate method and device based on mobile terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106656507B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107196767A (en) * | 2017-07-26 | 2017-09-22 | 成都三零盛安信息***有限公司 | Certificate request method and device |
CN109802833A (en) * | 2017-11-16 | 2019-05-24 | 航天信息股份有限公司 | The certificate management method and device of mobile terminal |
CN108683504B (en) * | 2018-04-24 | 2021-06-29 | 湖南东方华龙信息科技有限公司 | Certificate issuing method based on multi-identity |
CN112395579A (en) * | 2020-11-13 | 2021-02-23 | 中国工商银行股份有限公司 | Electronic signature generation method and device based on face recognition and cloud certificate |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102291376A (en) * | 2010-06-18 | 2011-12-21 | 普天信息技术研究院有限公司 | Method and system for realizing mobile terminal-supporting electronic transaction |
CN105323062A (en) * | 2014-06-03 | 2016-02-10 | 北京收付宝科技有限公司 | Mobile terminal digital certificate electronic signature method |
Also Published As
Publication number | Publication date |
---|---|
CN106656507A (en) | 2017-05-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11258777B2 (en) | Method for carrying out a two-factor authentication | |
CN105991287B (en) | A kind of generation of signed data and finger print identifying requesting method and device | |
JP6586446B2 (en) | Method for confirming identification information of user of communication terminal and related system | |
JP5601729B2 (en) | How to log into a mobile radio network | |
CN104618116B (en) | A kind of cooperative digital signature system and its method | |
CN106656507B (en) | A kind of digital certificate method and device based on mobile terminal | |
CN102202306B (en) | Mobile security authentication terminal and method | |
US8302175B2 (en) | Method and system for electronic reauthentication of a communication party | |
US20170070353A1 (en) | Method of managing credentials in a server and a client system | |
TWI632798B (en) | Server, mobile terminal, and network real-name authentication system and method | |
US11483155B2 (en) | Access control using proof-of-possession token | |
CN110493237A (en) | Identity management method, device, computer equipment and storage medium | |
CN106452796B (en) | Authentication authority method, tax-related service platform and relevant device | |
CN109981287A (en) | A kind of code signature method and its storage medium | |
CN112084521A (en) | Unstructured data processing method, device and system for block chain | |
CN113364597A (en) | Privacy information proving method and system based on block chain | |
EP3851983B1 (en) | Authorization method, auxiliary authorization component, management server and computer readable medium | |
CN110335040A (en) | Resource transfers method, apparatus, electronic equipment and storage medium | |
CN114519206B (en) | Method for anonymously signing electronic contract and signature system | |
CN105743651B (en) | The card in chip secure domain is using method, apparatus and application terminal | |
CN111062059B (en) | Method and device for service processing | |
CN103139210A (en) | Method of safety authentication | |
CN103312511A (en) | Information confirming system and information confirming method | |
CN113328854B (en) | Service processing method and system based on block chain | |
CN102693478A (en) | Trading method of bid security during bidding procedure and system thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20211230. Address after: 100191 No. 40, Haidian District, Beijing, Xueyuan Road. Patentee after: CHINA ACADEMY OF INFORMATION AND COMMUNICATIONS. Address before: 100191 No. 52 Garden North Road, Beijing, Haidian District. Patentee before: CHINA ACADEME OF TELECOMMUNICATION RESEARCH OF MIIT |