CN106936789A - Application method for authentication by using double certificates - Google Patents


Info

Publication number
CN106936789A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201511025602.3A
Other languages
Chinese (zh)
Other versions
CN106936789B (en)
Inventor
杨弘斐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GEER SOFTWARE CO Ltd SHANGHAI
Original Assignee
GEER SOFTWARE CO Ltd SHANGHAI
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an application method for authentication using double certificates, comprising the following steps: 1) configuring the application system by specifying the work certificate available to the application system, specifying the pairs of authentication certificate and work certificate that can pass mutual authentication, and specifying the condition for starting the work certificate; 2) the user enables the authentication certificate; 3) the authentication certificate and the work certificate perform mutual authentication; 4) the work certificate is started, so that the functions of the application system can be operated. The beneficial effects of the invention are that the work certificate can be enabled safely and conveniently in the application system and that an emergency plan with strong security is provided. The invention also meets the practical need, found in business systems, for several users to cooperate before certain functions of the system can be enabled.

Description

Application method for authentication by using double certificates
Technical field
The invention belongs to the field of computer and information security technology, and in particular relates to an application method that uses an authentication certificate to enable a work certificate safely and conveniently.
Background
With the rapid development of information technology, all industries are adopting information systems and networking. To protect the legitimate rights and interests of the owners and users of these information systems, they all use digital certificates for identity authentication, data encryption and integrity protection. The current mainstream practice is to use a USB Key as the carrier of the digital certificate; enabling the digital certificate requires entering a PIN code or verifying the user's fingerprint. This approach has the following shortcomings:
1. If the USB Key is lost or left behind, strong identity authentication by means of the digital certificate on it is impossible. Until a USB Key has been applied for and issued again, identity authentication can only rely on emergency plans, such as password authentication or issuing a temporary soft certificate. The reliability and security of these emergency plans are all lower than those of using a digital certificate in hardware;
2. If the USB Key is connected to the computer via USB, the user must be physically close to the computer in order to enter the PIN code or perform fingerprint verification. If the USB Key is connected to the computer wirelessly, for example via Bluetooth, the USB Key and the computer cannot perform strong identity authentication by digital certificate, so there is a considerable security risk;
3. On mobile terminal devices, a TF card is usually used as the carrier of the digital certificate, and the user inserts the card into the mobile terminal when using it. For convenience, most users are in the habit of not pulling the TF card out after use. Once the mobile terminal is lost, only the certificate PIN code and the like protect the user, and security is threatened.
4. Existing USB Keys only support the usage model of one person, one certificate, one Key: a user holds one USB Key, which stores only that user's digital certificate, and the user uses that digital certificate to complete the corresponding functional operations when using the application system. In many cases, several users must cooperate before certain functions of a system can be enabled; for example, a decision may require the agreement of four of seven administrators. Clearly, the existing one-person, one-certificate, one-Key approach cannot meet this requirement and causes great trouble for the application system.
It can thus be seen that how to enable a digital certificate in an application system safely and conveniently is a technical problem that urgently needs solving in this field. To that end, the applicant carried out beneficial exploration and experiment and found a method of solving the above problems; the technical solution described below was produced against this background.
Summary of the invention
The technical problem to be solved by the invention: in view of the shortcomings of the prior art, to provide an application method for authentication using double certificates, in which the user holds an authentication certificate, the application system on the computer uses a work certificate, and the user uses the authentication certificate to start the work certificate and thereby carry out the functional operations of the application system on the computer.
The technical problem solved by the invention can be addressed by the following technical solution:
An application method for authentication using double certificates, comprising the following steps:
1) configuring the application system: specifying the work certificate available to the application system, specifying the pairs of authentication certificate and work certificate that can pass mutual authentication, and specifying the condition for starting the work certificate;
2) the user enables the authentication certificate;
3) the authentication certificate and the work certificate perform mutual authentication;
4) the work certificate is started, so that the functions of the application system can be operated.
In a preferred embodiment of the invention, in step 1), a default configuration can be applied to the application system, specifying by default the work certificate available to the application system, the pairs of authentication certificate and work certificate that can pass mutual authentication, and the condition for starting the work certificate.
In a preferred embodiment of the invention, in step 1), the conditions for starting the work certificate include starting it directly with a PIN code, or requiring that a certain number of authentication certificates pass mutual authentication with the work certificate.
In a preferred embodiment of the invention, when the work certificate available to the application system is specified in step 1), a given authentication certificate can be designated directly as the available work certificate and used to operate the functions of the application system.
In a preferred embodiment of the invention, in step 1), the work certificate or the authentication certificate is a certificate conforming to the X.509 format.
In a preferred embodiment of the invention, in step 1), the work certificate and the authentication certificate are in the same medium or in different media.
In a preferred embodiment of the invention, in step 2), the user enables the authentication certificate either by fingerprint verification or by entering a PIN code.
In a preferred embodiment of the invention, in step 3), one work certificate can perform mutual authentication with several authentication certificates at the same time, and one authentication certificate can perform mutual authentication with several work certificates at the same time.
In a preferred embodiment of the invention, in step 3), an authentication certificate and a work certificate located in different media communicate for mutual authentication over one of WIFI, Bluetooth or NFC.
In a preferred embodiment of the invention, in step 3), the method by which the authentication certificate and the work certificate perform mutual authentication is the SSL mutual authentication method or the SPKM mutual authentication method.
By adopting the technical solution above, the invention has the following beneficial effects:
1. A strongly secure emergency plan. When the work certificate cannot be used, for example because its medium is lost, the application system can designate the authentication certificate held by the user as the work certificate and work with the authentication certificate directly to complete the functional operations of the application system. When the authentication certificate cannot be used, for example because its medium is lost, the application system can be set to enable the work certificate directly with a PIN code to complete the functional operations of the application system.
2. Unbounded working mode. The medium holding the work certificate is connected directly to the computer, the medium holding the authentication certificate is carried by the user, and mutual authentication takes place over a wireless connection such as WIFI. In this mode the user can move freely without being tied to the working computer, while the highest security of the communication link is ensured.
3. Support for rich system applications. For example, the application system can be set to start the work certificate only after a certain number of authentication certificates have passed mutual authentication with it. One work certificate performing mutual authentication with many authentication certificates at the same time is particularly suitable for processes that can only be completed when several people cooperate at once.
Brief description of the drawings
To illustrate the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of the invention.
Detailed description of the embodiments
To make the technical means, creative features, purpose and effects of the invention easy to understand, the invention is further explained below with reference to the drawing.
Referring to Fig. 1, the figure shows an application method for authentication using double certificates according to the invention, comprising the following steps:
Step 101: configure the application system, specifying the work certificate available to the application system, the pairs of authentication certificate and work certificate that can pass mutual authentication, and the condition for starting the work certificate. The conditions for starting the work certificate include starting it directly with a PIN code, or requiring that a certain number of authentication certificates pass mutual authentication with the work certificate. In addition, when the work certificate available to the application system is specified, a given authentication certificate can be designated directly as the available work certificate and used to operate the functions of the application system. A default configuration can also be applied to the application system, specifying by default the work certificate available to the application system, the pairs of authentication certificate and work certificate that can pass mutual authentication, and the condition for starting the work certificate. In this embodiment, the work certificate or the authentication certificate is a certificate conforming to the X.509 format, and the work certificate and the authentication certificate are in the same medium or in different media;
Step 102: judge whether the specified authentication certificate is the work certificate available to the system; if yes, go to step 106; if no, go to step 103;
Step 103: judge whether the specified condition for enabling the work certificate is that a certain number of authentication certificates perform mutual authentication with the work certificate; if yes, go to step 104; if no, go to step 106;
Step 104: the user enables the authentication certificate, for example by fingerprint verification or by entering a PIN code;
Step 105: the authentication certificate and the work certificate perform mutual authentication using a mutual authentication method such as the SSL mutual authentication method or the SPKM mutual authentication method; once the specified number of authentication certificates have performed mutual authentication with the work certificate, go to step 106. When the authentication certificate and the work certificate are in different media, the communication link between them can be established over WIFI, Bluetooth, NFC or the like. One work certificate can perform mutual authentication with several authentication certificates at the same time, and one authentication certificate can perform mutual authentication with several work certificates at the same time;
Step 106: enable the work certificate, so that the functions of the application system can be operated. If the specified user authentication certificate is the work certificate, or the condition for starting the work certificate is not that a certain number of authentication certificates pass mutual authentication with it, the fingerprint or PIN code is verified before the work certificate is enabled.
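The decision flow of steps 101 to 106 as an added Python example (not part of the patent text): it counts only distinct, holder-verified authentication certificates that belong to a configured pair and complete mutual authentication with the work certificate. The field names, the `mutual_auth` callback standing in for the SSL or SPKM exchange, and the certificate identifiers are assumptions of this example; the four-of-seven quorum follows the administrator example in the background section.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, Iterable, Optional, Tuple


@dataclass(frozen=True)
class AppConfig:
    """Step 101 configuration. All field names are assumptions of this example."""
    work_cert: str                             # work certificate available to the application
    allowed_pairs: FrozenSet[Tuple[str, str]]  # (authentication cert, work cert) pairs
    quorum: Optional[int] = None               # None: start directly after PIN/fingerprint
    auth_cert_is_work_cert: bool = False       # an authentication cert is used as work cert


@dataclass(frozen=True)
class Presented:
    cert_id: str           # authentication certificate offered by one user
    holder_verified: bool  # step 104: fingerprint or PIN check passed on its medium


@dataclass(frozen=True)
class Decision:
    started: bool
    path: str                 # "direct" or "quorum"
    counted: Tuple[str, ...]  # certificates that counted toward the quorum


def start_work_certificate(
    cfg: AppConfig,
    presented: Iterable[Presented],
    mutual_auth: Callable[[str, str], bool],
    local_check_ok: bool = False,
) -> Decision:
    """Walk steps 102-106 and decide whether the work certificate may be started."""
    # Steps 102 and 103: both "no quorum" branches jump to step 106, where the
    # fingerprint or PIN must be verified before the work certificate is enabled.
    if cfg.auth_cert_is_work_cert or cfg.quorum is None:
        return Decision(bool(local_check_ok), "direct", ())
    if cfg.quorum < 1:
        raise ValueError("quorum must be at least 1")

    counted = set()
    for p in presented:
        if not p.holder_verified:
            continue  # step 104 was not completed for this certificate
        if (p.cert_id, cfg.work_cert) not in cfg.allowed_pairs:
            continue  # pair was not configured in step 101
        if p.cert_id in counted:
            continue  # one certificate counts once, however often it is presented
        if mutual_auth(p.cert_id, cfg.work_cert):  # step 105
            counted.add(p.cert_id)
    return Decision(len(counted) >= cfg.quorum, "quorum", tuple(sorted(counted)))


# Constructed sample data: seven administrators, four of whom must take part.
WORK = "work-cert-1"
ADMINS = [f"admin-{i}" for i in range(1, 8)]
CFG = AppConfig(WORK, frozenset((a, WORK) for a in ADMINS), quorum=4)
FAILING = {"admin-7"}  # constructed: the handshake of this certificate fails


def handshake(auth_cert: str, work_cert: str) -> bool:
    """Stand-in for the SSL or SPKM mutual authentication (assumption)."""
    return auth_cert not in FAILING


def present(*ids: str):
    """Build presentations whose holders all passed the step 104 check."""
    return [Presented(i, True) for i in ids]


if __name__ == "__main__":
    cases = {
        "four distinct administrators": present("admin-1", "admin-2", "admin-3", "admin-4"),
        "same certificate offered twice": present("admin-1", "admin-2", "admin-3", "admin-1"),
        "certificate outside the pairs": present("admin-1", "admin-2", "admin-3", "visitor-9"),
        "handshake failure": present("admin-1", "admin-2", "admin-3", "admin-7"),
    }
    for label, offered in cases.items():
        print(label, start_work_certificate(CFG, offered, handshake))
```
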
The invention can enable the work certificate safely and conveniently in the application system and provides an emergency plan with strong security. It also meets the practical need, found in business systems, for several users to cooperate before certain functions of the system can be enabled.
The basic principles, main features and advantages of the invention have been shown and described above. Those skilled in the art should understand that the invention is not limited to the above embodiments; the embodiments and the description only illustrate the principles of the invention. Various changes and improvements can be made without departing from the spirit and scope of the invention, and these changes and improvements all fall within the scope of the claimed invention. The scope of protection claimed is defined by the appended claims and their equivalents.

Claims (10)

1. An application method for authentication using double certificates, characterized by comprising the following steps:
1) configuring the application system: specifying the work certificate available to the application system, specifying the pairs of authentication certificate and work certificate that can pass mutual authentication, and specifying the condition for starting the work certificate;
2) the user enables the authentication certificate;
3) the authentication certificate and the work certificate perform mutual authentication;
4) the work certificate is started, so that the functions of the application system can be operated.
2. The application method for authentication using double certificates according to claim 1, characterized in that, in step 1), a default configuration can be applied to the application system, specifying by default the work certificate available to the application system, the pairs of authentication certificate and work certificate that can pass mutual authentication, and the condition for starting the work certificate.
3. The application method for authentication using double certificates according to claim 1, characterized in that, in step 1), the conditions for starting the work certificate include starting it directly with a PIN code, or requiring that a certain number of authentication certificates pass mutual authentication with the work certificate.
4. The application method for authentication using double certificates according to claim 1, characterized in that, when the work certificate available to the application system is specified in step 1), a given authentication certificate can be designated directly as the available work certificate and used to operate the functions of the application system.
5. The application method for authentication using double certificates according to claim 1, characterized in that, in step 1), the work certificate or the authentication certificate is a certificate conforming to the X.509 format.
6. The application method for authentication using double certificates according to claim 1, characterized in that, in step 1), the work certificate and the authentication certificate are in the same medium or in different media.
7. The application method for authentication using double certificates according to claim 1, characterized in that, in step 2), the user enables the authentication certificate either by fingerprint verification or by entering a PIN code.
8. The application method for authentication using double certificates according to claim 1, characterized in that, in step 3), one work certificate can perform mutual authentication with several authentication certificates at the same time, and one authentication certificate can perform mutual authentication with several work certificates at the same time.
9. The application method for authentication using double certificates according to claim 1, characterized in that, in step 3), an authentication certificate and a work certificate located in different media communicate for mutual authentication over one of WIFI, Bluetooth or NFC.
10. The application method for authentication using double certificates according to claim 1, characterized in that, in step 3), the method by which the authentication certificate and the work certificate perform mutual authentication is the SSL mutual authentication method or the SPKM mutual authentication method.
CN201511025602.3A 2015-12-30 2015-12-30 Application method for authentication by using double certificates Active CN106936789B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511025602.3A CN106936789B (en) 2015-12-30 2015-12-30 Application method for authentication by using double certificates

Publications (2)

Publication Number Publication Date
CN106936789A true CN106936789A (en) 2017-07-07
CN106936789B CN106936789B (en) 2021-04-13

Family

ID=59442622

Country Status (1)

Country Link
CN (1) CN106936789B (en)

Legal Events

Date Code Title Description
PB01 Publication
CB02 Change of applicant information

Address after: 200436 Room 601, Lane 299, Lane 299, JIANGCHANG West Road, Jingan District, Shanghai

Applicant after: Geer software Limited by Share Ltd

Address before: 200070 Room 601, Lane 299, Lane 299, JIANGCHANG West Road, Zhabei District, Shanghai

Applicant before: Geer Software Co., Ltd., Shanghai

SE01 Entry into force of request for substantive examination
GR01 Patent grant