CN106656507B - A kind of digital certificate method and device based on mobile terminal - Google Patents

A kind of digital certificate method and device based on mobile terminal

Publication number
CN106656507B
Authority
CN
China
Prior art keywords
certificate
mobile terminal
medium
request
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611049532.XA
Other languages
Chinese (zh)
Other versions
CN106656507A (en)
Inventor
董霁
王宇晓
国炜
袁琦
任湧欣
谢春霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Academy of Information and Communications Technology CAICT
Original Assignee
China Academy of Telecommunications Research CATR
Application filed by China Academy of Telecommunications Research CATR filed Critical China Academy of Telecommunications Research CATR
Priority to CN201611049532.XA priority Critical patent/CN106656507B/en
Publication of CN106656507A publication Critical patent/CN106656507A/en
Application granted granted Critical
Publication of CN106656507B publication Critical patent/CN106656507B/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention provides a digital certificate method and device based on a mobile terminal. The method comprises: receiving a certificate request initiated by a user on a mobile terminal; determining, according to the user terminal information in the certificate request, whether a hard medium certificate of the mobile terminal is stored locally; if the hard medium certificate of the mobile terminal is stored locally, applying for a soft-medium certificate according to the hard medium certificate and the certificate request and sending it to the mobile terminal; verifying the signature of a file signed with the soft-medium certificate, and authenticating the mobile terminal according to the user terminal information; when the file's signature verification passes and the mobile terminal authentication passes, re-signing the signed file with the hard medium certificate; and verifying the file re-signed with the hard medium certificate and feeding the verification result back to the mobile terminal. The invention both solves the problem that soft-medium certificates are not very secure and meets the user's need to sign with a hard medium certificate.

Description

A kind of digital certificate method and device based on mobile terminal
Technical field
The present invention relates to the field of communication technology, and in particular to a digital certificate method and device based on a mobile terminal.
Background technique
With the spread of mobile technology, the mobile terminal has become a necessity of people's work and life, and mobile office and mobile financial services have become a trend. Whether for signing files in mobile office or for mobile financial transactions, however, digital signature technology is required to perform electronic authentication and ensure information security. In China's commercial cryptography system, for security reasons, commercial cryptography is required to use a hardware implementation based on SM2. Although a user may hold a compliant SM2 hardware certificate, most terminals have no SM2 crypto module and no dedicated interface for interacting with a hardware key, so files or data cannot be signed and verified with an SM2 certificate, which limits the popularization and use of China's commercial cryptographic algorithms. On mobile terminals, signing is mostly done with a soft-medium certificate (such as an RSA certificate), or a hard medium certificate is used to sign on a device with a USB interface. Files and data on a mobile terminal cannot be converted in a secure manner into signed files based on a hard medium certificate (such as SM2). Moreover, a user who signs digitally with RSA on a mobile terminal and a user who signs with an SM2 certificate, although the same entity in reality, cannot interoperate or be mutually recognized because the certificate formats differ.
Summary of the invention
In order to solve the above technical problems, the present invention provides a digital certificate method and device based on a mobile terminal. In one aspect, an embodiment of the present invention provides a digital certificate method based on a mobile terminal, the method comprising:
receiving a certificate request initiated by a user on a mobile terminal;
determining, according to the user terminal information in the certificate request, whether a hard medium certificate of the mobile terminal is stored locally;
if the hard medium certificate of the mobile terminal is stored locally, applying for a soft-medium certificate according to the hard medium certificate and the certificate request and sending it to the mobile terminal, so that the mobile terminal signs the file to be signed with the soft-medium certificate;
verifying the signature of the signed file using the soft-medium certificate, and authenticating the mobile terminal according to the user terminal information;
when the file's signature verification passes and the mobile terminal authentication passes, re-signing the signed file with the hard medium certificate;
verifying the file re-signed with the hard medium certificate and feeding the verification result back to the mobile terminal.
In another aspect, an embodiment of the present invention further provides an electronic authentication device based on a mobile terminal, the device comprising:
a certificate request receiving unit, for receiving the certificate request initiated by a user on a mobile terminal;
a judging unit, for determining, according to the user terminal information in the certificate request, whether a hard medium certificate of the mobile terminal is stored locally;
a soft-medium certificate request unit, for applying for a soft-medium certificate according to the hard medium certificate and the certificate request and sending it to the mobile terminal, so that the mobile terminal signs the file to be signed with the soft-medium certificate;
a signature verification and authentication unit, for verifying the signature of the signed file using the soft-medium certificate, and authenticating the mobile terminal according to the user terminal information;
a signature updating unit, for re-signing the signed file with the hard medium certificate;
a signature verification unit, for verifying the file re-signed with the hard medium certificate and feeding the verification result back to the mobile terminal.
The present invention associates the hard medium certificate with the soft-medium certificate on the basis of the characteristics of the mobile terminal and of the user, generates a signature file based on the hard medium certificate, and achieves information interconnection and interoperability for the same user. It solves the problem that soft-medium certificates are easily stolen, allows hard medium certificates and soft-medium certificates to be used interchangeably on the mobile terminal, and meets the user's need for a hard medium certificate signature. Files or data are signed with the soft-medium certificate and then transmitted, which guarantees the integrity and non-repudiation of the information. At the same time, the certificate association information is transmitted in a secure manner and is used to match the hard medium certificate and confirm the authenticity of the user's identity. Finally, the hard medium certificate is used to sign, producing a digitally signed file with higher security.
Detailed description of the invention
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of the digital certificate method based on a mobile terminal according to an embodiment of the present invention;
Fig. 2 is a structural schematic diagram of the electronic authentication device based on a mobile terminal according to an embodiment of the present invention;
Fig. 3 is a flow diagram of certificate request and downloading according to an embodiment of the present invention;
Fig. 4 is a flow diagram of digital signing according to an embodiment of the present invention;
Fig. 5 is a flow diagram of signature verification according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of the connections between the authentication device of an embodiment of the present invention, the user terminal and the digital certificate service organization.
Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are obviously only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Fig. 1 is a flow diagram of the digital certificate method based on a mobile terminal according to an embodiment of the present invention. As shown in Fig. 1, the method mainly comprises the following steps:
Step S1: receive the certificate request initiated by a user on a mobile terminal. Typically, the certificate request includes the user terminal information of the requester and user demand information. The user terminal information may be, for example, the identity information of the mobile terminal and the user identity information. Mobile terminals include, but are not limited to, mobile phones; the present invention takes the mobile phone only as an example, which does not limit the invention. When the mobile terminal is a mobile phone, the identity information may be the phone's International Mobile Equipment Identity (IMEI), and the user identity information may be the International Mobile Subscriber Identification Number (IMSI) on the phone's SIM card. The user demand information generally includes the routine information used in applying for a certificate, such as the certificate type (personal or enterprise), user information (name, company, phone, address, etc.) and certificate template (dual-certificate template, signing certificate template, encryption certificate template), and other information relevant to the certificate request.
Step S2: determine, according to the user terminal information in the certificate request, whether a hard medium certificate of the mobile terminal is stored locally.
A hard medium certificate is a certificate kept in a dedicated hardware storage medium. For example, an SM2 certificate generated with the national cryptographic algorithm is a hard medium certificate and must be stored in a dedicated crypto module: when a user handles e-banking services, to prevent loss of the certificate, the SM2 certificate can only be downloaded into a U-Key hardware device similar to a USB flash drive.
Step S3: if the hard medium certificate of the mobile terminal is stored locally, apply for a soft-medium certificate according to the hard medium certificate and the certificate request and send it to the mobile terminal, so that the mobile terminal signs the file to be signed with the soft-medium certificate.
Step S4: verify the signature of the signed file using the soft-medium certificate, and authenticate the mobile terminal according to the user terminal information.
Step S5: when the file's signature verification passes and the mobile terminal authentication passes, re-sign the signed file with the hard medium certificate.
Step S6: verify the file re-signed with the hard medium certificate and feed the verification result back to the mobile terminal.
This implementation of the present invention solves the problem that soft-medium certificates are easily stolen, allows hard medium certificates and soft-medium certificates to be used interchangeably on the mobile terminal, and meets the user's need for a hard medium certificate signature.
When the result of step S2 is negative, the mobile terminal has no hard medium certificate, and a hard medium certificate must be applied for according to the user demand information in the certificate request (step S7), where the user demand information includes the type of certificate applied for, the user information, the certificate template, and so on.
In one embodiment, when the hard medium certificate is obtained in step S7, the user demand information is usually sent to a digital certificate service organization (Certificate Authority, CA) to apply for the hard medium certificate. The CA issues the hard medium certificate according to the user demand information; once the hard medium certificate generated by the CA has been obtained, it is stored in the crypto module and is not sent to the user's mobile terminal.
In one embodiment, when the soft-medium certificate of the mobile terminal is obtained in step S3, the fingerprint information of the mobile terminal's hard medium certificate is first associated with the user terminal information of the mobile terminal (terminal ID and user identity information) to obtain certificate association data. The certificate association data and the user demand information are then sent to the CA to apply for the soft-medium certificate. The user demand information here may be the same as or different from the information used when applying for the hard medium certificate, depending on the user's actual needs. Once the soft-medium certificate generated by the CA according to the association data and the user demand information has been obtained, it is sent to the corresponding user's mobile terminal, which completes the certificate request and download process.
After receiving data or a file that the mobile terminal has signed with the soft-medium certificate it applied for, the signature on the data or file must be verified using that soft-medium certificate, and terminal authentication and user authentication must be performed on the mobile terminal according to the terminal's ID and the user identity information respectively. Only when the signature verification passes and both the terminal authentication and the user authentication pass is the soft-medium certificate's signature on the data or file replaced using the hard medium certificate of the mobile terminal, completing the hard medium certificate signature.
In one embodiment, when the file re-signed with the hard medium certificate is verified in step S6, the public key certificate of the CA must be obtained, and the public key certificate is used to perform digital signature verification on the data or file re-signed with the hard medium certificate.
The embodiment of the present invention solves the problem that soft-medium certificates are easily stolen and allows hard medium certificates and soft-medium certificates to be used interchangeably on the mobile terminal. That is, the embodiment both solves the problem that soft-medium certificates are not very secure and meets the user's need to sign with a hard medium certificate.
Based on the same inventive concept as the digital certificate method based on a mobile terminal shown in Fig. 1, an embodiment of the present invention further provides an electronic authentication device based on a mobile terminal, as described in the following embodiment. Because the principle by which this electronic authentication device solves the problem is similar to that of the digital certificate method based on a mobile terminal, the implementation of the device may refer to the implementation of the method, and the repeated parts are not described again.
Fig. 2 is a structural schematic diagram of the electronic authentication device based on a mobile terminal according to an embodiment of the present invention. As shown in Fig. 2, the authentication device mainly includes: a certificate request receiving unit 1, a judging unit 2, a soft-medium certificate request unit 3, a signature verification and authentication unit 4, a signature updating unit 5 and a signature verification unit 6. The certificate request receiving unit 1 receives the certificate request initiated by a user on a mobile terminal. The judging unit 2 determines, according to the user terminal information in the certificate request, whether a hard medium certificate of the mobile terminal is stored locally. The soft-medium certificate request unit 3 applies for a soft-medium certificate according to the hard medium certificate and the certificate request and sends it to the mobile terminal, so that the mobile terminal signs the file to be signed with the soft-medium certificate. The signature verification and authentication unit 4 verifies the signature of the signed file using the soft-medium certificate and authenticates the mobile terminal according to the user terminal information. The signature updating unit 5 re-signs the signed file with the hard medium certificate. The signature verification unit 6 verifies the file re-signed with the hard medium certificate and feeds the verification result back to the mobile terminal.
The embodiment of the present invention solves the problem that soft-medium certificates are easily stolen and allows hard medium certificates and soft-medium certificates to be used interchangeably on the mobile terminal.
In one embodiment, the soft-medium certificate request unit 3 generally includes an association module, a sending module and a receiving module. The association module associates the fingerprint information of the hard medium certificate with the user terminal information to obtain certificate association data. The sending module sends the certificate association data and second user demand information to the digital certificate service organization to apply for the soft-medium certificate. The receiving module obtains the soft-medium certificate generated by the digital certificate service organization according to the certificate association data and the second user demand information.
In one embodiment, the signature verification unit 6 includes a public key acquisition module and a signature verification module. The public key acquisition module obtains the public key certificate of the digital certificate service organization, and the signature verification module uses the public key certificate to perform digital signature verification on the file re-signed with the hard medium certificate.
In one embodiment, the authentication device further includes a hard medium certificate application unit 7 and a crypto module 8. The hard medium certificate application unit 7 obtains the hard medium certificate according to first user demand information in the certificate request, the first user demand information including the type of certificate applied for, the user information and the certificate template. The crypto module 8 stores the hard medium certificate.
Typically, the hard medium certificate application unit 7 includes a sending module and a receiving module. The sending module sends the first user demand information to the digital certificate service organization to apply for the hard medium certificate, and the receiving module obtains the hard medium certificate generated by the digital certificate service organization according to the first user demand information.
By providing a digital certificate method and device based on a mobile terminal, the embodiment of the present invention solves the problem that soft-medium certificates are easily stolen and allows hard medium certificates and soft-medium certificates to be used interchangeably on the mobile terminal.
For a better understanding of the beneficial effects of the digital certificate method and device based on a mobile terminal of the embodiment of the present invention, a specific example is described below.
Fig. 3 is a flow diagram of certificate request and downloading using the embodiment of the present invention. In a specific implementation, the electronic authentication device of the embodiment may take the form of a certificate verification platform. As shown in Fig. 3, when a user initiates a certificate request on the mobile terminal, the certificate verification platform receives the request, which contains data 1 and data 2 (step ①). Data 1 contains the terminal's IMEI number and the IMSI number on the user's SIM card. Data 2 mainly contains the routine information that the CA requires the user to provide when applying for a certificate, such as the certificate type, user contact details and certificate template. The certificate verification platform sends data 2 to the CA in a secure manner (step ②) to apply for the hard medium certificate (such as an SM2 certificate). After the CA issues the hard medium certificate, the certificate verification platform stores it in the local crypto module and obtains the certificate's fingerprint information. The fingerprint information is associated with data 1 to generate certificate association data, and the certificate association information together with data 2 is sent to the CA in a secure manner as the application information (step ③) to apply for the soft-medium certificate. After receiving the soft-medium certificate issued by the CA, the certificate verification platform sends it to the mobile terminal in a secure manner (step ④), completing the certificate request and download process. If the user's mobile terminal already has a hard medium certificate, the terminal only needs to obtain the soft-medium certificate according to steps ③ and ④ shown in Fig. 3.
Fig. 4 is a flow diagram of digital signing using the embodiment of the present invention. As shown in Fig. 4, when data or a file needs to be signed by the mobile terminal, the mobile terminal signs the data or file to be signed with the soft-medium certificate it obtained. The certificate verification platform then authenticates the terminal and the user according to the data 1 it holds, verifies the signature on the signed data or file using the soft-medium certificate, and judges whether the certificate matches the terminal. If the signature verification passes and the authentication of the terminal and of the person passes, the platform replaces the soft-medium certificate signature using the hard medium certificate.
When the terminal signs data, the file or data is signed with the soft-medium certificate, which ensures the security of the information. Because a soft-medium certificate is generally stored on mobile media and can be freely copied and propagated, the true identity of the certificate holder cannot be guaranteed. Data 1 authenticates the true identity of the certificate holder: it binds the soft-medium certificate to the identity of the terminal and of the person, thereby guaranteeing security.
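The gate described above (steps S4 to S6 and Fig. 4) is sketched below as an added Go example that is not part of the patent. It shows why a copied soft-medium key alone does not yield a hard medium certificate signature. Assumptions: ECDSA P-256 stands in for SM2 (which the Go standard library lacks), RSA PKCS#1 v1.5 is the soft-medium key, the fingerprint is taken over the hard public key rather than a CA-issued certificate, and the association encoding, the type `Platform` and all function names are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"errors"
	"fmt"
)

var (
	ErrSoftSig  = errors.New("soft-medium signature does not verify")
	ErrTerminal = errors.New("terminal/user data does not match certificate association")
)

// Platform is what the certificate verification platform keeps for one user.
type Platform struct {
	hardKey *ecdsa.PrivateKey // stand-in for the SM2 key held in the crypto module
	hardFP  [32]byte          // fingerprint of the hard medium certificate
	softPub *rsa.PublicKey    // public key of the soft-medium certificate
	assoc   [32]byte          // certificate association data fixed at enrolment
}

// associate binds the hard-certificate fingerprint to data 1 (IMEI and IMSI).
// Length prefixes keep ("12","3") and ("1","23") from producing the same value.
func associate(fp [32]byte, imei, imsi string) [32]byte {
	buf := append([]byte{}, fp[:]...)
	for _, f := range []string{imei, imsi} {
		buf = append(buf, byte(len(f)))
		buf = append(buf, f...)
	}
	return sha256.Sum256(buf)
}

// Enroll models Fig. 3 without the CA round trips: the hard key stays on the
// platform, and only the soft private key is returned for the terminal.
func Enroll(imei, imsi string) (*Platform, *rsa.PrivateKey, error) {
	hard, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalPKIXPublicKey(&hard.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	soft, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	fp := sha256.Sum256(der)
	p := &Platform{hardKey: hard, hardFP: fp, softPub: &soft.PublicKey, assoc: associate(fp, imei, imsi)}
	return p, soft, nil
}

// SoftSign is the terminal side of Fig. 4: sign the file with the soft-medium key.
func SoftSign(key *rsa.PrivateKey, file []byte) ([]byte, error) {
	d := sha256.Sum256(file)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, d[:])
}

// Resign is steps S4 and S5: the hard key signs only when the soft signature
// verifies AND the reported IMEI/IMSI reproduce the stored association data.
func (p *Platform) Resign(file, softSig []byte, imei, imsi string) ([]byte, error) {
	d := sha256.Sum256(file)
	if rsa.VerifyPKCS1v15(p.softPub, crypto.SHA256, d[:], softSig) != nil {
		return nil, ErrSoftSig
	}
	got := associate(p.hardFP, imei, imsi)
	if subtle.ConstantTimeCompare(got[:], p.assoc[:]) != 1 {
		return nil, ErrTerminal
	}
	return ecdsa.SignASN1(rand.Reader, p.hardKey, d[:])
}

// VerifyHard is step S6: check the replacement signature against the hard public key.
func (p *Platform) VerifyHard(file, hardSig []byte) bool {
	d := sha256.Sum256(file)
	return ecdsa.VerifyASN1(&p.hardKey.PublicKey, d[:], hardSig)
}

func main() {
	imei, imsi := "490154203237518", "460001234567890" // constructed sample values
	p, softKey, err := Enroll(imei, imsi)
	if err != nil {
		panic(err)
	}
	file := []byte("contract v1")
	sig, _ := SoftSign(softKey, file)
	hardSig, err := p.Resign(file, sig, imei, imsi)
	fmt.Println("enrolled terminal:", err, p.VerifyHard(file, hardSig))
	_, err = p.Resign(file, sig, "356938035643809", imsi) // same soft key, other terminal
	fmt.Println("copied soft key on another terminal:", err)
}
```

IMEI and IMSI are values the client reports, not secrets, so this check is only as strong as the channel or attestation that delivers them to the platform.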
Fig. 5 is a flow diagram of signature verification using the embodiment of the present invention. As shown in Fig. 5, after the hard medium certificate signature has been completed by the process shown in Fig. 4, the signature verification module of the certificate verification platform also needs to obtain the public key certificate from the CA, perform digital signature verification on the data or file signed with the hard medium certificate, and return the verification result to the mobile terminal. Optionally, the signature verification module may be provided independently of the certificate verification platform of this embodiment; the embodiment of the present invention is described only with the certificate verification platform including the signature verification module as an example, which is not a limitation of the present invention.
Fig. 6 is a schematic diagram of the connections between the authentication device of the embodiment of the present invention, the user terminal and the digital certificate service organization. As shown in Fig. 6, the user of the mobile terminal is the party that requires the certificate or digital signature. To keep the certificate verification platform secure, all transmitted data, whether certificate request data or signature data, must undergo a simple virus scan by an antivirus server, and the data is passed on to the certificate verification platform only if no abnormality is detected. The certificate verification platform performs the certificate request or signature replacement operation on the transmitted data. For a certificate request operation, the certificate verification platform interacts with the CA to apply for the hard medium certificate and/or the soft-medium certificate. For a digital signing operation, the certificate verification platform completes the signature replacement and returns the signed data to the mobile terminal. For a signature verification operation on a signed file or data, the signature verification module verifies the signature on the file or data and confirms the status of the user certificate (in effect, frozen, revoked); if the user certificate is in effect and the signature verification passes, a verification-success result is returned, otherwise the signature verification fails.
By providing a digital certificate method and device based on a mobile terminal, the embodiment of the present invention solves the problem that soft-medium certificates are easily stolen and allows hard medium certificates and soft-medium certificates to be used interchangeably on the mobile terminal.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, equipment (system), and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instruction device implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Specific embodiments are used in the present invention to explain its principle and implementation; the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. At the same time, for those skilled in the art, there will be changes in the specific implementation and the scope of application according to the idea of the present invention. In summary, the contents of this specification should not be construed as limiting the present invention.

Claims (9)

1. A digital certificate method based on a mobile terminal, characterized in that the digital certificate method comprises:
Receiving a certificate application request initiated by a user on a mobile terminal;
Judging, according to the user terminal information in the certificate application request, whether a hard medium certificate of the mobile terminal is stored locally;
If the hard medium certificate of the mobile terminal is stored locally, obtaining a soft-medium certificate according to the hard medium certificate and the certificate application request and sending it to the mobile terminal, so that the mobile terminal signs the file to be signed using the soft-medium certificate;
Performing signature verification on the file signed using the soft-medium certificate, and authenticating the mobile terminal according to the user terminal information;
When the file passes signature verification and the mobile terminal passes authentication, signing the signed file again using the hard medium certificate;
Verifying the file signed again with the hard medium certificate and feeding the verification result back to the mobile terminal;
Wherein obtaining the soft-medium certificate according to the hard medium certificate and the certificate application request specifically comprises:
Associating the fingerprint information of the hard medium certificate with the user terminal information to obtain certificate associated data; sending the certificate associated data and second user demand information to the digital certificate service organization to apply for a soft-medium certificate; and obtaining the soft-medium certificate generated by the digital certificate service organization according to the certificate associated data and the second user demand information.
2. The digital certificate method of a mobile terminal according to claim 1, characterized in that, when the result of judging, according to the user terminal information in the certificate application request, whether the hard medium certificate of the mobile terminal is stored locally is negative, the digital certificate method further comprises:
Obtaining a hard medium certificate according to first user demand information in the certificate application request, the first user demand information including the certificate type applied for, user information, and a certificate template.
3. The digital certificate method of a mobile terminal according to claim 2, characterized in that obtaining the hard medium certificate according to the first user demand information in the certificate application request specifically comprises:
Sending the first user demand information to the digital certificate service organization to apply for a hard medium certificate;
Obtaining the hard medium certificate generated by the digital certificate service organization according to the first user demand information.
4. The digital certificate method of a mobile terminal according to claim 3, characterized in that the first user demand information and the second user demand information are identical or different.
5. The digital certificate method of a mobile terminal according to claim 1, characterized in that verifying the file signed again with the hard medium certificate specifically comprises:
Obtaining the public key certificate of the digital certificate service organization;
Performing digital signature verification, using the public key certificate, on the file signed again with the hard medium certificate.
6. An electronic authentication device based on a mobile terminal, characterized in that the electronic authentication device comprises:
A certificate application receiving unit, for receiving a certificate application request initiated by a user on a mobile terminal;
A judging unit, for judging, according to the user terminal information in the certificate application request, whether a hard medium certificate of the mobile terminal is stored locally;
A soft-medium certificate application unit, for obtaining a soft-medium certificate according to the hard medium certificate and the certificate application request and sending it to the mobile terminal, so that the mobile terminal signs the file to be signed using the soft-medium certificate;
A signature verification and authentication unit, for performing signature verification on the file signed using the soft-medium certificate, and authenticating the mobile terminal according to the user terminal information;
A signature updating unit, for signing the signed file again using the hard medium certificate;
A signature verification unit, for verifying the file signed again with the hard medium certificate and feeding the verification result back to the mobile terminal;
Wherein the soft-medium certificate application unit comprises: an association module, for associating the fingerprint information of the hard medium certificate with the user terminal information to obtain certificate associated data; a second sending module, for sending the certificate associated data and second user demand information to the digital certificate service organization to apply for a soft-medium certificate; and a second receiving module, for obtaining the soft-medium certificate generated by the digital certificate service organization according to the certificate associated data and the second user demand information.
7. The electronic authentication device based on a mobile terminal according to claim 6, characterized in that the electronic authentication device further comprises:
A hard medium certificate application unit, for obtaining a hard medium certificate according to first user demand information in the certificate application request, the first user demand information including the certificate type applied for, user information, and a certificate template;
A crypto module, for storing the hard medium certificate.
8. The electronic authentication device based on a mobile terminal according to claim 7, characterized in that the hard medium certificate application unit comprises:
A first sending module, for sending the first user demand information to the digital certificate service organization to apply for a hard medium certificate;
A first receiving module, for obtaining the hard medium certificate generated by the digital certificate service organization according to the first user demand information.
9. The electronic authentication device based on a mobile terminal according to claim 6, characterized in that the signature verification unit comprises:
A public key acquisition module, for obtaining the public key certificate of the digital certificate service organization;
A signature verification module, for performing digital signature verification, using the public key certificate, on the file signed again with the hard medium certificate.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611049532.XA CN106656507B (en) 2016-11-24 2016-11-24 A kind of digital certificate method and device based on mobile terminal

Publications (2)

Publication Number Publication Date
CN106656507A CN106656507A (en) 2017-05-10
CN106656507B true CN106656507B (en) 2019-10-11

Family

ID=58811806

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611049532.XA Active CN106656507B (en) 2016-11-24 2016-11-24 A kind of digital certificate method and device based on mobile terminal

Country Status (1)

Country Link
CN (1) CN106656507B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107196767A (en) * 2017-07-26 2017-09-22 成都三零盛安信息***有限公司 Certificate request method and device
CN109802833A (en) * 2017-11-16 2019-05-24 航天信息股份有限公司 The certificate management method and device of mobile terminal
CN108683504B (en) * 2018-04-24 2021-06-29 湖南东方华龙信息科技有限公司 Certificate issuing method based on multi-identity
CN112395579A (en) * 2020-11-13 2021-02-23 中国工商银行股份有限公司 Electronic signature generation method and device based on face recognition and cloud certificate

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102291376A (en) * 2010-06-18 2011-12-21 普天信息技术研究院有限公司 Method and system for realizing mobile terminal-supporting electronic transaction
CN105323062A (en) * 2014-06-03 2016-02-10 北京收付宝科技有限公司 Mobile terminal digital certificate electronic signature method

Also Published As

Publication number Publication date
CN106656507A (en) 2017-05-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20211230

Address after: 100191 No. 40, Haidian District, Beijing, Xueyuan Road

Patentee after: CHINA ACADEMY OF INFORMATION AND COMMUNICATIONS

Address before: 100191 No. 52 Garden North Road, Beijing, Haidian District

Patentee before: CHINA ACADEME OF TELECOMMUNICATION RESEARCH OF MIIT