CN107306182A - A kind of method, client and server for generating digital certificate - Google Patents
A kind of method, client and server for generating digital certificate Download PDFInfo
- Publication number
- CN107306182A CN107306182A CN201610244156.3A CN201610244156A CN107306182A CN 107306182 A CN107306182 A CN 107306182A CN 201610244156 A CN201610244156 A CN 201610244156A CN 107306182 A CN107306182 A CN 107306182A
- Authority
- CN
- China
- Prior art keywords
- digital certificate
- characteristic information
- user
- server
- configuration file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiments of the invention provide a kind of method, client and server for generating digital certificate, wherein methods described includes:When client receives the configuration file of user's input, the configuration file is sent into server;Show the control for input feature vector information in the client;The characteristic information that user inputs in the control is received, and the characteristic information is sent to server, the server is used for according to the characteristic information, the configuration file is called, digital certificate files corresponding with the characteristic information are generated;Receive the digital certificate files that the server is returned.The embodiment of the present invention can automatically generate digital certificate files, digital certificate files are made by hand without user and configuration file is repeatedly inputted, the efficiency of digital certificate generation is drastically increased, and reduce the probability of information error, it is easy to safeguard digital certificate, saves maintenance time and human resources.
Description
Technical field
The present invention relates to communication authentication technical field, more particularly to a kind of method for generating digital certificate,
A kind of client and a kind of server of generation digital certificate for generating digital certificate.
Background technology
With the development of information technology, the more application scenarios of the multimedia service of high speed, broadband services are
Indoor and hot zones, traditional cell mobile communication systems can not meet this kind of demand, family well
The birth of formula base station (Home eNodeB, abbreviation H (e) NB) makes this problem effectively be solved.
Wherein, H (e) NB be it is a kind of it is small-sized, may be mounted at interior, configure flexible base station, can
Provide the user low cost, high-speed data transmission service.
In H (e) NB system architecture, UE (User Equipment, user equipment) and H (e) NB
Air interface can be with UTRAN (UMTS Terrestrial Radio Access Network, general shifting
The land radio access web of dynamic communication system) in air interface backward compatibility.The SeGW of core-network side
(security gateway, security gateway) represents core net and is mutually authenticated with H (e) NB, due to
H (e) NB are likely located in insincere region, and H (e) NB core network access is then likely to be unsafe,
Therefore needs set up the communication connection channel of a safety between H (e) NB and SeGW.
Before H (e) NB and SeGW are authenticated, H (e) NB need one H (e) NB's of initial configuration
Digital certificate and credential key, while the server of a gateway trusty is configured in H (e) NB
Digital certificate list.In the prior art, the step of operation maintenance personnel makes H (e) NB digital certificate is such as
Under:
(1) openssl (security socket layer cryptographic libraries) environmental variance is changed;
(2) data of different provinces and cities' planning are filled in, for example:Country, provinces and cities, city, company, portion
Door, main frame etc., generate root certificate according to layout data and sign certainly;
(3) make server certificate and sign;
(4) configuration file is changed;
(5) when making H (e) NB digital certificate, the data of different provinces and cities' planning are filled in, for example:State
Family, provinces and cities, city, company, department, main frame etc., and keep one with the input value of corresponding root certificate
Cause.
However, inventor is when implementing prior art, it is found that at least there are the following problems for prior art:
(1) manual manufacture digital certificate, poor in timeliness a, working day is only capable of making 30 numeral cards
Book;
(2) need to input layout data twice, manually need amount of input information big, be very easy to error;
(3) in O&M, often submitting to digital certificate can just pinpoint the problems behind base station, generally
It is difficult to take into account different network elements, maintenance needs to spend more manpower.
The content of the invention
In view of the above problems, it is proposed that the embodiment of the present invention overcomes above mentioned problem or extremely to provide one kind
A kind of method of the generation digital certificate partially solved the above problems and a kind of corresponding generation numeral
The client of certificate and a kind of server of generation digital certificate.
In order to solve the above problems, the embodiment of the invention discloses a kind of method for generating digital certificate, institute
The method of stating includes:
When client receives the configuration file of user's input, the configuration file is sent to server
In;
Show the control for input feature vector information in the client;
The characteristic information that user inputs in the control is received, and the characteristic information is sent to service
Device, the server is used for according to the characteristic information, calls the configuration file, generation and the spy
Reference ceases corresponding digital certificate files;
Receive the digital certificate files that the server is returned.
Preferably, the characteristic information at least includes:The Base Serial Number of the digital certificate files of generation is needed,
And, it is necessary to the quantity of the digital certificate files of generation.
Preferably, methods described also includes:
The digital certificate files are distributed in the designated entities object of respective amount respectively.
Preferably, the designated entities object includes Home eNodeB H (e) NB;What the server was returned
Digital certificate files are compressed file, and the compressed file includes multiple digital certificate files and corresponding
Configuration file;
It is described that the digital certificate files are distributed to the step in the designated entities object of respective amount respectively
Suddenly include:
The compressed file is decompressed, multiple digital certificate files and corresponding configuration file is obtained, it is described to match somebody with somebody
Putting file includes configuration script;
The multiple digital certificate files and corresponding configuration file are uploaded to corresponding H (e) NB respectively
Board in, in the board of H (e) NB, perform the configuration script, the numeral demonstrate,proved
Written matter is arranged on the specified location of H (e) NB.
Preferably, it is described to receive the characteristic information that user inputs in the control, and the feature is believed
The step of breath is sent to server includes:
Receive the characteristic information that user inputs in the control;
Verify whether the characteristic information meets preset rules;
If it is not, then generating prompt message, the characteristic information of preset rules is met to point out user to re-enter;
If so, then the characteristic information is sent to server.
Preferably, in the characteristic information that is inputted in the control of reception user, and by the feature
Information is sent to after the step of server, in addition to:
User's confirmation that the reception server is returned;
User's confirmation is presented to user;
When detecting the confirmation operation that user is sent based on user's confirmation, generation confirmation refers to
Order, and confirm that instruction is sent to server by described, the server is used to confirm instruction according to described,
The configuration file is called, digital certificate files corresponding with the characteristic information are generated.
The embodiment of the invention also discloses a kind of method for generating digital certificate, methods described includes:
Receive the configuration file that client is sent;
Receive what client was sent, the characteristic information inputted in the control that user shows in the client;
According to the characteristic information, the configuration file is called, number corresponding with the characteristic information is generated
Word certificate file;
The digital certificate files are returned into client.
Preferably, the characteristic information at least includes:The Base Serial Number of the digital certificate files of generation is needed,
And, it is necessary to the quantity of the digital certificate files of generation;
It is described to call the configuration file according to the characteristic information, generate corresponding with the characteristic information
Digital certificate files the step of include:
The configuration file is called, number corresponding with the quantity of the digital certificate files for needing to generate is generated
The digital certificate files of amount;
The numbering of the digital certificate files of first generation is used as using the Base Serial Number;
Based on the Base Serial Number, other digital certificate files generated are named to number incremental mode
Numbering.
Preferably, described according to the characteristic information, the configuration file, generation and the spy are called
Before the step of reference ceases corresponding digital certificate files, in addition to:
User's confirmation is generated based on the characteristic information;
User's confirmation is returned to client, the client is used for user's confirmation
User is presented to, and when detecting the confirmation operation that user is sent based on user's confirmation, it is raw
Into instruction is confirmed, confirm that instruction is sent to server by described.
The embodiment of the invention also discloses a kind of client for generating digital certificate, the client includes:
Configuration file sending module, for when receiving the configuration file of user's input, by the configuration
File is sent into server;
Control exposure module, for showing the control for input feature vector information in the client;
Characteristic information sending module, for receiving the characteristic information that user inputs in the control, and will
The characteristic information is sent to server, and the server is used for according to the characteristic information, is called described
Configuration file, generates digital certificate files corresponding with the characteristic information;
Digital certificate receiving module, for receiving the digital certificate files that the server is returned.
Preferably, the characteristic information at least includes:The Base Serial Number of the digital certificate files of generation is needed,
And, it is necessary to the quantity of the digital certificate files of generation.
Preferably, the client also includes:
Distribution module, the designated entities pair for the digital certificate files to be distributed to respective amount respectively
As in.
Preferably, the designated entities object includes Home eNodeB H (e) NB;What the server was returned
Digital certificate files are compressed file, and the compressed file includes multiple digital certificate files and corresponding
Configuration file;
The distribution module includes:
Submodule is decompressed, for decompressing the compressed file, multiple digital certificate files are obtained and corresponding
Configuration file, the configuration file includes configuration script;
Certificate uploads submodule, for respectively by the multiple digital certificate files and corresponding configuration file
In the board for being uploaded to corresponding H (e) NB, in the board of H (e) NB, the configuration is performed
Script, the digital certificate files is arranged on the specified location of H (e) NB.
Preferably, the characteristic information sending module includes:
Characteristic information receiving submodule, for receiving the characteristic information that user inputs in the control;
Submodule is verified, for verifying whether the characteristic information meets preset rules;If it is not, then calling
Prompting submodule, if so, then calling characteristic information sending submodule;
Prompting submodule, for generating prompt message, meets preset rules to point out user to re-enter
Characteristic information;
Characteristic information sending submodule, for the characteristic information to be sent to server.
Preferably, in addition to:
Confirmation receiving module, the user's confirmation returned for the reception server;
Confirmation display module, for user's confirmation to be presented into user;
Confirm directive generation module, sent really based on user's confirmation for user ought to be detected
When recognizing operation, generation confirms instruction, and confirms that instruction is sent to server by described, and the server is used
In confirming instruction according to described, the configuration file is called, numeral corresponding with the characteristic information is generated
Certificate file.
The embodiment of the invention also discloses a kind of server for generating digital certificate, the server includes:
Configuration file receiving module, the configuration file for receiving client transmission;
Characteristic information receiving module, for receiving client transmission, the control that user shows in the client
The characteristic information inputted in part;
Digital certificate generation module, for according to the characteristic information, calling the configuration file, generation
Digital certificate files corresponding with the characteristic information;
Digital certificate sending module, for the digital certificate files to be returned into client.
Preferably, the characteristic information at least includes:The Base Serial Number of the digital certificate files of generation is needed,
And, it is necessary to the quantity of the digital certificate files of generation;
The digital certificate generation module includes:
Certificates constructing submodule, for calling the configuration file, generation and the numeral for needing to generate
The digital certificate files of the quantity respective amount of certificate file;
First numbering submodule, for the digital certificate files using the Base Serial Number as first generation
Numbering;
Second numbering submodule, for based on the Base Serial Number, other to be named in the mode for numbering incremental
The numbering of the digital certificate files of generation.
Preferably, the server also includes:
Confirmation generation module, for generating user's confirmation based on the characteristic information;
Confirmation sending module, for returning to user's confirmation, the client to client
For user's confirmation to be presented into user, and user's confirmation letter is based on detecting user
When ceasing the confirmation operation sent, generation confirms instruction, confirms that instruction is sent to server by described.
The embodiment of the present invention includes advantages below:
In embodiments of the present invention, when client receives the configuration file and characteristic information of user's input
When, the configuration file and characteristic information can be sent to server, server is according to the configuration file
And characteristic information automatically generates digital certificate files corresponding with characteristic information, is made by hand without user
Digital certificate files and configuration file is repeatedly inputted, drastically increases the efficiency of digital certificate generation,
The probability of information error is reduced, is easy to safeguard digital certificate, saves maintenance time and human resources.
Brief description of the drawings
Fig. 1 is a kind of step flow chart of the embodiment of the method one of generation digital certificate of the present invention;
Fig. 2 is a kind of step flow chart of the embodiment of the method two of generation digital certificate of the present invention;
Fig. 3 is that the Nanocell frameworks in a kind of embodiment of the method two of generation digital certificate of the present invention show
It is intended to;
Fig. 4 is the identifying procedure figure in a kind of embodiment of the method two of generation digital certificate of the present invention;
Fig. 5 is a kind of step flow chart of the embodiment of the method three of generation digital certificate of the present invention;
Fig. 6 is a kind of structured flowchart of the client embodiment of generation digital certificate of the present invention;
Fig. 7 is a kind of structured flowchart of the server example of generation digital certificate of the present invention.
Embodiment
In order to facilitate the understanding of the purposes, features and advantages of the present invention, below in conjunction with the accompanying drawings
The present invention is further detailed explanation with embodiment.
One of the core concepts of the embodiments of the present invention is, automatically generates configuration script, when receiving user
After the Base Serial Number and quantity of input, configuration file, batch making H (e) NB number are called automatically
Word certificate, can reach the effect for making 1000 keys in 5 minutes, release and safeguard manpower.
The step of reference picture 1, embodiment of the method one for showing a kind of generation digital certificate of the invention, flows
Cheng Tu, specifically may include steps of:
Step 101, when client receives the configuration file of user's input, the configuration file is sent out
Deliver in server;
Step 102, the control for input feature vector information is showed in the client;
Step 103, the characteristic information that is inputted in the control of user is received, and by the characteristic information
Send to server;
The server is used for according to the characteristic information, calls the configuration file, generation and the spy
Reference ceases corresponding digital certificate files.
Step 104, the digital certificate files that the server is returned are received.
In embodiments of the present invention, when client receives the configuration file and characteristic information of user's input
When, the configuration file and characteristic information can be sent to server, server is according to the configuration file
And characteristic information automatically generates digital certificate files corresponding with characteristic information, is made by hand without user
Digital certificate files and configuration file is repeatedly inputted, drastically increases the efficiency of digital certificate generation,
The probability of information error is reduced, is easy to safeguard digital certificate, saves maintenance time and human resources.
The step of reference picture 2, embodiment of the method two for showing a kind of generation digital certificate of the invention, flows
Cheng Tu.
In a kind of preferred embodiment of the embodiment of the present invention, the embodiment of the present invention can apply to as family
Base station (Home eNodeB, abbreviation H (e) NB;Femto base stations are can be described as again) make digital certificate
The scene of file.Home eNodeB be it is a kind of it is small-sized, may be mounted at interior, configure flexible base station,
Low cost, high-speed data transmission service can be provided the user.
H (e) NB can be deployed in Nanocell systems, and Nanocell is from following mobile broadband network hair
(radio access node of low-power, is operated in a kind of new integrated Small Cell that exhibition angle is proposed
Frequency spectrum authorize, unauthorized, can cover 10 meters to 200 meters of scope) and WLAN (Wireless
Local Area Networks, WLAN) mobile access product form and its system schema.
On product form, Nanocell is that one kind is integrated with Small Cell base stations and WLAN AP (Wireless
Access Point, wireless access points) function radio reception device.On system schema,
Nanocell provides Cellular Networks service by the fusion of network and carrier-class WLAN is serviced.Nanocell
By operator is in focus or needs to mend blind regional deployment and maintenance, ensure to set by reliable security mechanism
Standby, signaling and data transmission security.
NanoCell is located at network end-point, can pass through GPON (Gigabit-Capable PON, passive light
Access system) or PTN (Packet Transport Network, Packet Transport Network) or PpoE (PPP over
Point-to-point protocol on Ethernet, Ethernet) etc. circuit access.If especially accessed by public network,
There is problem in the authenticity of equipment, therefore use Ipsec (Internet Protocol under most network environments
Security, internet protocol security) secure accessing.
With reference to shown in Fig. 3 Nanocell configuration diagrams, Nanocell systems can include smart mobile phone,
The terminals such as computer, pad, TD-LTE Femto base stations (i.e. H (e) NB), security gateway (Security
Gateway, abbreviation SeGW), GW (GateWay, gateway), network management system and other supports set
Standby (SGSN (Serving GPRS Support Node, service universal grouping wireless clothes in such as Fig. 3
Business supporting node)/GGSN (Gateway GPRS Support Node, gateway general packet radio service
Supporting node), MSC (Mobile Switching Center, mobile switching centre), MME (Mobility
Management Entity, mobile management nodes), SGW (Serving GateWay, gateway),
PGW (PDN GateWay, public data network gateway), HSS (Home Subscriber Server,
User ascription area server), (Authentication, Authorization, Accounting are tested AAA
Card, authorization and accounting server), AC (Access Controller, wireless controller), PORTAL
(certificate server).Wherein, H (e) NB can support TD-LTE (Time Division Long Term
Evolution, time-division Long Term Evolution)/TD-SCDMA (Time Division-Synchronous Code
Division Multiple Access, TD SDMA) tri- kinds of standards of/WLAN, pass through backhaul
Net (including PON (Passive Optical Network, passive optical-fiber network), PTN, Ethernet etc.)
Accessing GW and AC, there is provided 3G, 4G and WIFI (WIreless-Fidelity, Wireless Fidelity) business.
In the maintenance of current TD-LTE wireless access networks, SeGW is in H (e) NB and AG and operator
The passage of a safety is provided between network.SeGW is responsible for that peace is set up and kept between H (e) NB
Complete (pressing IPSec/IKEv2 (Internet Key Exchange) Standard Encryption) connection.Setting up connection
Afterwards, H (e) NB need to be authenticated SeGW using the public key safety certificate signed, so can be with
Prevent malice from accessing.Meanwhile, VPN (Virtual can be set up between H (e) NB and SeGW
Private Network, VPN), and communication data is encrypted, it is ensured that safer is logical
Letter.
As shown in table 1 below, before H (e) NB and SeGW are authenticated, H (e) NB need initially to match somebody with somebody
H (e) NB digital certificate and credential key is put, while configuring a trusted in H (e) NB
Gateway server digital certificate list, corresponding to the service for the gateway that it will be received from SeGW
The digital certificate of device.The digital certificate and certificate that the server of a gateway is also configured in SeGW are close
Key, while H (e) NB trusty digital certificate list is configured in SeGW, corresponding to it
From H (e) NB H (e) NB received digital certificate.
Table 1
It should be noted that wherein H (e) NB root certificate, H (e) NB digital certificate and credential key
It can be generated by same CA (Certificate Authority, digital certificate authentication center) server;
SeGW root certificate, the digital certificate of the server of gateway and credential key can also be by same
CA servers are generated.
With reference to Fig. 4 identifying procedure figure, H (e) NB and SeGW identifying procedure is shown, in Fig. 4
In, first group of interaction (IKE_SA_INIT_REQUEST and IKE_SA_INIT_RESPONSE)
Be mainly used for consulting SA (wildcard), second group of interaction (IKE_AUTH_REQUEST with
And IKE_AUTH_RESPONSE) it is used for the digital certificate and authentication numeral card of switching equipment
Book.Both sides produce signature with credential key, and the information such as its digital certificate and signature is carried
Swapped in IKE_AUTH message, recipient needs to use the reliable list of cert locally preserved
Checked with signature, for judging whether authentication succeeds.
The embodiment of the present invention can with automatic batch make H (e) NB digital certificate, in the specific implementation,
Before H (e) NB digital certificate is made, root certificate, Ran Houtong can be made for H (e) NB first
Cross root certificate generation server certificate and H (e) NB digital certificate.
In one embodiment, the making principles of root certificate can be:Using difference in input parameter
Province's title distinguish root certificate, one province of correspondence generates a root certificate.It can be preset using fixed
Template inputs the parameter of root certificate, so that according to the default template, root certificate is generated using general method
And corresponding key is to (public key and private key), to facilitate later stage batch life on this basis H (e) NB's
Digital certificate files.
As a kind of example, the parameter inputted during generation root certificate is as shown in table 2 below:
Table 2
It should be noted that in table 2, planning value is the value of customization root certificate, the embodiment of the present invention pair
The specific value of planning value is not restricted.
Generate after root certificate, one root certificate of correspondence generates a server certificate, in the specific implementation,
Can be using general server certificate generation method generation server certificate and corresponding key pair.
Generate after root certificate and server certificate, then can perform the embodiment of the present invention, generate
H (e) NB digital certificate files, wherein, one H (e) NB of correspondence generates a digital certificate files,
The digital certificate files serial number, the numbering is unique in the range of province, such as hnb1, hnb2 ....
In the specific implementation, H (e) NB digital certificate files can include the number of H (e) NB
The credential key (including public key and private key) of word certificate and the digital certificate, H (e) NB number
The mark of word certificate can be expressed as digital certificate title+numbering;The mark of one H (e) NB credential key
Knowledge can be expressed as key title+numbering.Wherein, the numbering of digital certificate and corresponding key from
Base Serial Number rises, and sequentially numbers, and both coding rules are unified, i.e., one digital certificate files use one
Individual unified numbering, the numbering of the numbering of digital certificate and credential key therein with digital certificate files
It is identical.
Specifically, the embodiment of the present invention may include steps of:
Step 201, when client receives the configuration file of user's input, the configuration file is sent out
Deliver in server;
Applied to the embodiment of the present invention, the information input interface input pair that user can be showed by client
The configuration file answered, or, user can also be by the upload interface upload configuration file of client.
As a kind of example of the embodiment of the present invention, the configuration file can include following information one kind or
It is a variety of:The configuration script that automatically generates, system configuration information (including openssl.conf, ipsec.conf,
Strongswan.conf etc.), root certificate, the digital certificate of server etc..For example, based on H (e) NB
The partial content that configuration file is included can be with as shown in table 3 below:
Table 3
In the specific implementation, root certificate and server certificate can be uploaded to client by user, also may be used
To merely enter the mark (for example, saving name) of root certificate and server certificate, by client from locally obtaining
Take corresponding root certificate and server certificate.
Client is received after the configuration file of user's input, can further be sent the configuration file
Into server.
Step 202, the control for input feature vector information is showed in the client;
Client sends configuration file to server, can show in the client for inputting spy
The control of reference breath, wherein, the control is as providing user the interface of input feature vector information.
In one embodiment, the corresponding coding information of the control can be stored in client locally, when
After client send configuration file to server, client is i.e. from locally obtaining the corresponding coding of the control
Information, and the coding information is rendered, to show corresponding control in the interface of client.
In another embodiment, the corresponding coding information of the control can also be stored in the server,
After server receives configuration file, certificates constructing main program can be performed, using the main program to
Client returns to the corresponding coding information of control, and client is received after the coding information, to the coding
Information is rendered, to show corresponding control to user.
Step 203, the characteristic information that is inputted in the control of user is received, and by the characteristic information
Send to server;
As a kind of preferred exemplary of the embodiment of the present invention, the control showed can at least include Base Serial Number
Input control, and, quantity input control, then corresponding characteristic information can at least include:Need life
Into digital certificate files Base Serial Number, and, it is necessary to generation digital certificate files quantity.Example
As, it is necessary to generation digital certificate files Base Serial Number be 99, it is necessary to generation digital certificate files
Quantity is 10.
In a kind of preferred embodiment of the embodiment of the present invention, step 203 can include following sub-step:
Sub-step S11, receives the characteristic information that user inputs in the control;
Sub-step S12, verifies whether the characteristic information meets preset rules;If it is not, then performing sub-step
Rapid S13;If so, then performing sub-step S14;
Sub-step S13, generates prompt message, the feature of preset rules is met to point out user to re-enter
Information;
Sub-step S14, the characteristic information is sent to server.
Specifically, first can be with automatic Verification after client receives user's input feature vector information
Whether this feature information meets preset rules, in one embodiment, and the preset rules can be judgement
This feature information whether be positive integer rule, when input characteristic information be positive integer when, then can sentence
Determine this feature information and meet preset rules, and this feature information is sent to server;If the feature of input
Information is not positive integer, then can be determined that this feature information does not meet preset rules, at this point it is possible to generate
Prompt message, and will be prompted to information and be presented to user, meet preset rules to point out user to re-enter
Characteristic information, if for example, the characteristic information of user's input is 9.9 or character a, b etc., prompting is inputted
Mistake, and require to re-enter correct positive integer.
Step 204, user's confirmation that the reception server is returned, user's confirmation is showed
To user;
, can be based on the generation of this feature information after server receives characteristic information in server side
User's confirmation, user's confirmation be used for ask user reaffirm input characteristic information whether
For the characteristic information needed for oneself, for example, user's confirmation can be " Are you sure(you
Whether determine)[y/n]:”.
After server generation user's confirmation, user's confirmation is returned to client.Then in visitor
Family end, renders user's confirmation, to show user's confirmation to user.
Step 205, it is raw when detecting the confirmation operation that user is sent based on user's confirmation
Confirm that instruction is sent to server into confirmation instruction, and by described;
User can input corresponding operation for user's confirmation, for example, input " n " or
Characters such as non-" y " negative operation or do not confirm operation, or, input " y " or " it is determined that " etc.
The confirmation operation of character.
When client, which detects user, sends confirmation operation based on user's confirmation, it can generate really
Recognize instruction, and confirm that instruction is sent to server by described.
When client, which detects user, sends negative operation based on user's confirmation, it can generate and move back
Go out instruction, and the exit instruction is sent to server.
In server side, when receiving exit instruction, then current main program is exited.
When receive confirm instruction when, then can instruct according to the confirmation, perform configuration file, generation and
The corresponding digital certificate files of characteristic information.
In a kind of preferred embodiment of the embodiment of the present invention, server can generate number in the following way
Word certificate file:Call the configuration file, generation and the number of the digital certificate files for needing to generate
Measure the digital certificate files of respective amount;The digital certificate text of first generation is used as using the Base Serial Number
The numbering of part;Based on the Base Serial Number, to number the digital certificate that incremental mode names other to generate
The numbering of file.
, can be with integrated openssl interfaces and bash interfaces in server applied to the embodiment of the present invention, should
Bash interfaces are used to parse configuration file, after server receives confirmation instruction, call this
Bash interfaces parse configuration file, judge holding with the presence or absence of generation digital certificate files in configuration file
Necessary configuration information in row environment, if there is no necessary configuration information, then generation error prompting.
If there is necessary configuration information, then openssl interfaces are called to perform corresponding configuration file,
For example, performing Openssl configuration informations, the quantity with the digital certificate files for needing to generate is obtained
The digital certificate files of respective numbers, and the digital certificate files of first generation are used as using Base Serial Number
Numbering, the numbering of the digital certificate files of other generations is incrementally named with the Base Serial Number.
For example, it is desired to which the Base Serial Number of the digital certificate files of generation is 99, it is necessary to the digital certificate of generation
The quantity of file is 10, then the numbering of the digital certificate files of first generation is 99, second generation
The numberings of digital certificate files be 100, the numbering of the digital certificate files of second generation is 101 ...,
The numbering of the digital certificate files of 10th generation is 108.
After the digital certificate files of server generation requirement, packing routine interface can be called, will
The digital certificate files and configuration file of the requirement are packaged into a compressed package, and by the compressed package
Send to client.For example, packing routine interface is called, by caCert.pem, hnb*Cert.pem
(H (e) NB digital certificate), hnb*Key.pem (H (e) NB credential key), ipsec.secrets,
The compressing files such as segwCert.pem, config.sh, ipsec.conf, strongswan.conf are pressed into one
Contracting bag, and the compressed package is sent to client.
In the specific implementation, during server generation digital certificate files, daily record note can also be generated
Record, the log recording is used to record all operation informations in digital certificate files generating process.
Step 206, the digital certificate files that the server is returned are received;
Step 207, the digital certificate files are distributed to Home eNodeB H (e) NB of respective amount respectively
In.
In a kind of preferred embodiment of the embodiment of the present invention, step 207 can include following sub-step:
Sub-step S11, decompresses the compressed file, obtains multiple digital certificate files and corresponding configuration
File, the configuration file includes configuration script;
The multiple digital certificate files and corresponding configuration file, are uploaded to pair by sub-step S12 respectively
In H (e) NB answered board, in the board of H (e) NB, the configuration script is performed, with
The digital certificate files are arranged on to the specified location of H (e) NB.
It is local in client, the compressed package can be decompressed, multiple digital certificate files is obtained and corresponding matches somebody with somebody
Put file, for example, decompression after, obtain caCert.pem, hnb*Cert.pem, hnb*Key.pem,
The files such as ipsec.secrets, segwCert.pem, config.sh, ipsec.conf, strongswan.conf.
After digital certificate files after being decompressed, can by FTP (File Transfer Protocol,
FTP) etc. file transfer conveyance by the folder content after decompression upload to correspondence H (e) NB
Board temporary folder (such as/tmp files) in, at this point it is possible to generate the digital certificate files
The corresponding relation that identifies of numbering and H (e) NB, the digital certificate files are associated with H (e) NB
Get up.
Then configuration script ./config.sh is performed in temporary file, then digital certificate files can be installed
Into corresponding H (e) NB specified location.
As a kind of example, H (e) NB of configuration file and generation in table 3 digital certificate and its
The path that credential key is installed in H (e) NB is as shown in table 4 below:
Table 4
In order that those skilled in the art better understood when the embodiment of the present invention, below by way of a tool
Body example is subject to exemplary illustration to the embodiment of the present invention, but it should explanation, the embodiment of the present invention is simultaneously
Not limited to this.
(1) client configuration file is uploaded onto the server /etc/pki/CA catalogues under;
(2) server performs digital certificate generation main program;
(3) server, which is checked, whether there is necessary configuration information in configuration file;
(4) if there is necessary configuration information, control is shown to user by client, and receive
The characteristic information that user is inputted by control, this feature information includes needing the digital certificate files of generation
Base Serial Number (e.g., 99), and, it is necessary to the quantity (e.g., 30) of the digital certificate files of generation;
(5) server shows user's confirmation " Are you sure by client to user[y/n]:
(whether you determine)”;
(6) when user inputs the character of " n " or non-" y ", exit digital certificate and generate main journey
Sequence;If user inputs " y " character, configuration file is called, 30 digital certificate files are generated, and
30 digital certificate files are sequentially numbered from Base Serial Number;
(7) 30 digital certificate files and configuration file are compressed, generation is named as hnb99.tar.gz
Compressed package, by the compressed package return client;
(8) after client receives compressed package, the compressed package is decompressed, by 30 obtained after decompression
Digital certificate files and corresponding configuration file are distributed in corresponding 30 H (e) NB;
(9) perform configuration script in each H (e) NB respectively, then can be by corresponding digital certificate text
Part is arranged under the assigned catalogue of H (e) NB.
In embodiments of the present invention, it can be inputted automatically according to H (e) NB configuration file and user
Characteristic information, Mass production meets the digital certificate files of characteristic information, drastically increases digital certificate
The efficiency of file generated, experimental data shows, according to embodiments of the present invention, can complete within 5 minutes thousands of
The making of certificate file.
In addition, the embodiment of the present invention can automatically generate configuration script, without the secondary editor's rule of operation maintenance personnel
Data are drawn, the probability of layout data error is reduced.
Further, since Mass production digital certificate files of the embodiment of the present invention, then it is accurate fixed to be easy to
Position overcomes the defect that problem inefficiency is positioned manually, takes time and effort to the problem of error, saves manpower,
Base station maintenance cost is reduced, base station maintenance quality is improved.
The step of reference picture 5, embodiment of the method three for showing a kind of generation digital certificate of the invention, flows
Cheng Tu, the embodiment of the present invention is described from server side, specifically may include steps of:
Step 501, the configuration file that client is sent is received;
Step 502, receive what client was sent, the spy inputted in the control that user shows in the client
Reference ceases;
Step 503, according to the characteristic information, the configuration file is called, generation is believed with the feature
Cease corresponding digital certificate files;
Step 504, the digital certificate files are returned into client.
In a kind of preferred embodiment of the embodiment of the present invention, the characteristic information at least includes:Need life
Into digital certificate files Base Serial Number, and, it is necessary to generation digital certificate files quantity;
The step 503 can include following sub-step:
Sub-step S21, calls the configuration file, generation and the digital certificate files for needing to generate
Quantity respective amount digital certificate files;
Sub-step S22, the numbering of the digital certificate files of first generation is used as using the Base Serial Number;
Sub-step S23, based on the Base Serial Number, to number the number that incremental mode names other to generate
The numbering of word certificate file.
In a kind of preferred embodiment of the embodiment of the present invention, before step 503, it can also include such as
Lower step:
User's confirmation is generated based on the characteristic information;
User's confirmation is returned to client, the client is used for user's confirmation
User is presented to, and when detecting the confirmation operation that user is sent based on user's confirmation, it is raw
Into instruction is confirmed, confirm that instruction is sent to server by described.
For Fig. 5 embodiment of the method, because it is substantially similar to above-mentioned Fig. 2 embodiment of the method,
So description is fairly simple, related part illustrates referring to the part of Fig. 2 embodiment of the method.
It should be noted that for embodiment of the method, in order to be briefly described, therefore it is all expressed as to one it is
The combination of actions of row, but those skilled in the art should know that the embodiment of the present invention is not by described
Sequence of movement limitation because according to the embodiment of the present invention, some steps can using other orders or
Person is carried out simultaneously.Secondly, those skilled in the art should also know, embodiment described in this description
Belong to necessary to preferred embodiment, the involved action not necessarily embodiment of the present invention.
Reference picture 6, shows a kind of structural frames of the client embodiment of generation digital certificate of the present invention
Figure, can specifically include following module:
Configuration file sending module 601, for when receiving the configuration file of user's input, by described in
Configuration file is sent into server;
Control exposure module 602, for showing the control for input feature vector information in the client;
Characteristic information sending module 603, for receiving the characteristic information that user inputs in the control,
And send the characteristic information to server, the server is used for according to the characteristic information, calls
The configuration file, generates digital certificate files corresponding with the characteristic information;
Digital certificate receiving module 604, for receiving the digital certificate files that the server is returned.
In a kind of preferred embodiment of the embodiment of the present invention, the characteristic information at least includes:Need life
Into digital certificate files Base Serial Number, and, it is necessary to generation digital certificate files quantity.
In a kind of preferred embodiment of the embodiment of the present invention, the client can also include following mould
Block:
Distribution module, the designated entities pair for the digital certificate files to be distributed to respective amount respectively
As in.
In a kind of preferred embodiment of the embodiment of the present invention, the designated entities object includes Home eNodeB
H(e)NB;The digital certificate files that the server is returned are compressed file, and the compressed file includes many
Individual digital certificate files and corresponding configuration file;
The distribution module can further include following submodule:
Submodule is decompressed, for decompressing the compressed file, multiple digital certificate files are obtained and corresponding
Configuration file, the configuration file includes configuration script;
Certificate uploads submodule, for respectively by the multiple digital certificate files and corresponding configuration file
In the board for being uploaded to corresponding H (e) NB, in the board of H (e) NB, the configuration is performed
Script, the digital certificate files is arranged on the specified location of H (e) NB.
In a kind of preferred embodiment of the embodiment of the present invention, the characteristic information sending module 603 can be with
Including following submodule:
Characteristic information receiving submodule, for receiving the characteristic information that user inputs in the control;
Submodule is verified, for verifying whether the characteristic information meets preset rules;If it is not, then calling
Prompting submodule, if so, then calling characteristic information sending submodule;
Prompting submodule, for generating prompt message, meets preset rules to point out user to re-enter
Characteristic information;
Characteristic information sending submodule, for the characteristic information to be sent to server.
In a kind of preferred embodiment of the embodiment of the present invention, the client can also include following mould
Block:
Confirmation receiving module, the user's confirmation returned for the reception server;
Confirmation display module, for user's confirmation to be presented into user;
Confirm directive generation module, sent really based on user's confirmation for user ought to be detected
When recognizing operation, generation confirms instruction, and confirms that instruction is sent to server by described, and the server is used
In confirming instruction according to described, the configuration file is called, numeral corresponding with the characteristic information is generated
Certificate file.
For client embodiment, because it is substantially similar to above-mentioned embodiment of the method, so retouching
That states is fairly simple, and the relevent part can refer to the partial explaination of embodiments of method.
Reference picture 7, shows a kind of structural frames of the server example of generation digital certificate of the present invention
Figure, can specifically include following module:
Configuration file receiving module 701, the configuration file for receiving client transmission;
Characteristic information receiving module 702, for receiving client transmission, user shows in the client
Control in the characteristic information that inputs;
Digital certificate generation module 703, for according to the characteristic information, calling the configuration file,
Generation digital certificate files corresponding with the characteristic information;
Digital certificate sending module 704, for the digital certificate files to be returned into client.
In a kind of preferred embodiment of the embodiment of the present invention, the characteristic information at least includes:Need life
Into digital certificate files Base Serial Number, and, it is necessary to generation digital certificate files quantity;
The digital certificate generation module 703 can include following submodule:
Certificates constructing submodule, for calling the configuration file, generation and the numeral for needing to generate
The digital certificate files of the quantity respective amount of certificate file;
First numbering submodule, for the digital certificate files using the Base Serial Number as first generation
Numbering;
Second numbering submodule, for based on the Base Serial Number, other to be named in the mode for numbering incremental
The numbering of the digital certificate files of generation.
In a kind of preferred embodiment of the embodiment of the present invention, the server can also include following mould
Block:
Confirmation generation module, for generating user's confirmation based on the characteristic information;
Confirmation sending module, for returning to user's confirmation, the client to client
For user's confirmation to be presented into user, and user's confirmation letter is based on detecting user
When ceasing the confirmation operation sent, generation confirms instruction, confirms that instruction is sent to server by described.
For server example, because it is substantially similar to above-mentioned embodiment of the method, so retouching
That states is fairly simple, and the relevent part can refer to the partial explaination of embodiments of method.
Each embodiment in this specification is described by the way of progressive, and each embodiment is stressed
Be all between difference with other embodiment, each embodiment identical similar part mutually referring to
.
It should be understood by those skilled in the art that, the embodiment of the embodiment of the present invention can be provided as method, dress
Put or computer program product.Therefore, the embodiment of the present invention can using complete hardware embodiment, completely
The form of embodiment in terms of software implementation or combination software and hardware.Moreover, the embodiment of the present invention
Can use can be situated between in one or more computers for wherein including computer usable program code with storage
The computer journey that matter is implemented on (including but is not limited to magnetic disk storage, CD-ROM, optical memory etc.)
The form of sequence product.
The embodiment of the present invention is with reference to method according to embodiments of the present invention, terminal device (system) and meter
The flow chart and/or block diagram of calculation machine program product is described.It should be understood that can be by computer program instructions
Each flow and/or square frame and flow chart and/or square frame in implementation process figure and/or block diagram
The combination of flow and/or square frame in figure.Can provide these computer program instructions to all-purpose computer,
The processor of special-purpose computer, Embedded Processor or other programmable data processing terminal equipments is to produce
One machine so that pass through the computing devices of computer or other programmable data processing terminal equipments
Instruction produce be used to realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or
The device for the function of being specified in multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable datas to handle
In the computer-readable memory that terminal device works in a specific way so that be stored in this computer-readable
Instruction in memory, which is produced, includes the manufacture of command device, and command device realization is in flow chart one
The function of being specified in flow or multiple flows and/or one square frame of block diagram or multiple square frames.
These computer program instructions can also be loaded into computer or other programmable data processing terminals are set
It is standby upper so that series of operation steps is performed on computer or other programmable terminal equipments in terms of producing
The processing that calculation machine is realized, so that the instruction performed on computer or other programmable terminal equipments provides use
In realization in one flow of flow chart or multiple flows and/or one square frame of block diagram or multiple square frames
The step of function of specifying.
Although having been described for the preferred embodiment of the embodiment of the present invention, those skilled in the art are once
Basic creative concept is known, then other change and modification can be made to these embodiments.So,
Appended claims are intended to be construed to include preferred embodiment and fall into the institute of range of embodiment of the invention
Have altered and change.
Finally, in addition it is also necessary to explanation, herein, such as first and second or the like relational terms
It is used merely to make a distinction an entity or operation with another entity or operation, and not necessarily requires
Or imply between these entities or operation there is any this actual relation or order.Moreover, art
Language " comprising ", "comprising" or any other variant thereof is intended to cover non-exclusive inclusion, so that
Process, method, article or terminal device including a series of key elements not only include those key elements, and
Also include other key elements for being not expressly set out, or also include for this process, method, article or
The intrinsic key element of person's terminal device.In the absence of more restrictions, by sentence " including one
It is individual ... " limit key element, it is not excluded that at the process including the key element, method, article or end
Also there is other identical element in end equipment.
A kind of method, client and server for generating digital certificate provided by the present invention is carried out above
It is discussed in detail, specific case used herein is explained to the principle and embodiment of the present invention
State, the explanation of above example is only intended to the method and its core concept for helping to understand the present invention;Meanwhile,
For those of ordinary skill in the art, according to the thought of the present invention, in embodiment and model is applied
Place and will change, in summary, this specification content should not be construed as limiting the invention.
Claims (18)
1. a kind of method for generating digital certificate, it is characterised in that methods described includes:
When client receives the configuration file of user's input, the configuration file is sent to server
In;
Show the control for input feature vector information in the client;
The characteristic information that user inputs in the control is received, and the characteristic information is sent to service
Device, the server is used for according to the characteristic information, calls the configuration file, generation and the spy
Reference ceases corresponding digital certificate files;
Receive the digital certificate files that the server is returned.
2. according to the method described in claim 1, it is characterised in that the characteristic information at least includes:
Need the Base Serial Number of the digital certificate files of generation, and, it is necessary to the number of the digital certificate files of generation
Amount.
3. method according to claim 2, it is characterised in that also include:
The digital certificate files are distributed in the designated entities object of respective amount respectively.
4. method according to claim 3, it is characterised in that the designated entities object includes
Home eNodeB H (e) NB;The digital certificate files that the server is returned are compressed file, the compression
File includes multiple digital certificate files and corresponding configuration file;
It is described that the digital certificate files are distributed to the step in the designated entities object of respective amount respectively
Suddenly include:
The compressed file is decompressed, multiple digital certificate files and corresponding configuration file is obtained, it is described to match somebody with somebody
Putting file includes configuration script;
The multiple digital certificate files and corresponding configuration file are uploaded to corresponding H (e) NB respectively
Board in, in the board of H (e) NB, perform the configuration script, the numeral demonstrate,proved
Written matter is arranged on the specified location of H (e) NB.
5. the method according to claim any one of 1-4, it is characterised in that the reception user
The characteristic information inputted in the control, and wrap the step of the characteristic information is sent to server
Include:
Receive the characteristic information that user inputs in the control;
Verify whether the characteristic information meets preset rules;
If it is not, then generating prompt message, the characteristic information of preset rules is met to point out user to re-enter;
If so, then the characteristic information is sent to server.
6. the method according to claim any one of 1-4, it is characterised in that used in described receive
The characteristic information that family is inputted in the control, and by the characteristic information send to the step of server it
Afterwards, in addition to:
User's confirmation that the reception server is returned;
User's confirmation is presented to user;
When detecting the confirmation operation that user is sent based on user's confirmation, generation confirmation refers to
Order, and confirm that instruction is sent to server by described, the server is used to confirm instruction according to described,
The configuration file is called, digital certificate files corresponding with the characteristic information are generated.
7. a kind of method for generating digital certificate, it is characterised in that methods described includes:
Receive the configuration file that client is sent;
Receive what client was sent, the characteristic information inputted in the control that user shows in the client;
According to the characteristic information, the configuration file is called, number corresponding with the characteristic information is generated
Word certificate file;
The digital certificate files are returned into client.
8. method according to claim 7, it is characterised in that the characteristic information at least includes:
Need the Base Serial Number of the digital certificate files of generation, and, it is necessary to the number of the digital certificate files of generation
Amount;
It is described to call the configuration file according to the characteristic information, generate corresponding with the characteristic information
Digital certificate files the step of include:
The configuration file is called, number corresponding with the quantity of the digital certificate files for needing to generate is generated
The digital certificate files of amount;
The numbering of the digital certificate files of first generation is used as using the Base Serial Number;
Based on the Base Serial Number, other digital certificate files generated are named to number incremental mode
Numbering.
9. the method according to claim 7 or 8, it is characterised in that described according to the spy
Reference ceases, and calls the configuration file, generates the step of digital certificate files corresponding with the characteristic information
Before rapid, in addition to:
User's confirmation is generated based on the characteristic information;
User's confirmation is returned to client, the client is used for user's confirmation
User is presented to, and when detecting the confirmation operation that user is sent based on user's confirmation, it is raw
Into instruction is confirmed, confirm that instruction is sent to server by described.
10. a kind of client for generating digital certificate, it is characterised in that the client includes:
Configuration file sending module, for when receiving the configuration file of user's input, by the configuration
File is sent into server;
Control exposure module, for showing the control for input feature vector information in the client;
Characteristic information sending module, for receiving the characteristic information that user inputs in the control, and will
The characteristic information is sent to server, and the server is used for according to the characteristic information, is called described
Configuration file, generates digital certificate files corresponding with the characteristic information;
Digital certificate receiving module, for receiving the digital certificate files that the server is returned.
11. client according to claim 10, it is characterised in that the characteristic information is at least
Including:Need the Base Serial Number of the digital certificate files of generation, and, it is necessary to the digital certificate text of generation
The quantity of part.
12. client according to claim 11, it is characterised in that also include:
Distribution module, the designated entities pair for the digital certificate files to be distributed to respective amount respectively
As in.
13. client according to claim 12, it is characterised in that the designated entities object
Including Home eNodeB H (e) NB;The digital certificate files that the server is returned are compressed file, described
Compressed file includes multiple digital certificate files and corresponding configuration file;
The distribution module includes:
Submodule is decompressed, for decompressing the compressed file, multiple digital certificate files are obtained and corresponding
Configuration file, the configuration file includes configuration script;
Certificate uploads submodule, for respectively by the multiple digital certificate files and corresponding configuration file
In the board for being uploaded to corresponding H (e) NB, in the board of H (e) NB, the configuration is performed
Script, the digital certificate files is arranged on the specified location of H (e) NB.
14. the client according to claim any one of 10-13, it is characterised in that the feature
Information sending module includes:
Characteristic information receiving submodule, for receiving the characteristic information that user inputs in the control;
Submodule is verified, for verifying whether the characteristic information meets preset rules;If it is not, then calling
Prompting submodule, if so, then calling characteristic information sending submodule;
Prompting submodule, for generating prompt message, meets preset rules to point out user to re-enter
Characteristic information;
Characteristic information sending submodule, for the characteristic information to be sent to server.
15. the client according to claim any one of 10-13, it is characterised in that also include:
Confirmation receiving module, the user's confirmation returned for the reception server;
Confirmation display module, for user's confirmation to be presented into user;
Confirm directive generation module, sent really based on user's confirmation for user ought to be detected
When recognizing operation, generation confirms instruction, and confirms that instruction is sent to server by described, and the server is used
In confirming instruction according to described, the configuration file is called, numeral corresponding with the characteristic information is generated
Certificate file.
16. a kind of server for generating digital certificate, it is characterised in that the server includes:
Configuration file receiving module, the configuration file for receiving client transmission;
Characteristic information receiving module, for receiving client transmission, the control that user shows in the client
The characteristic information inputted in part;
Digital certificate generation module, for according to the characteristic information, calling the configuration file, generation
Digital certificate files corresponding with the characteristic information;
Digital certificate sending module, for the digital certificate files to be returned into client.
17. server according to claim 16, it is characterised in that the characteristic information is at least
Including:Need the Base Serial Number of the digital certificate files of generation, and, it is necessary to the digital certificate text of generation
The quantity of part;
The digital certificate generation module includes:
Certificates constructing submodule, for calling the configuration file, generation and the numeral for needing to generate
The digital certificate files of the quantity respective amount of certificate file;
First numbering submodule, for the digital certificate files using the Base Serial Number as first generation
Numbering;
Second numbering submodule, for based on the Base Serial Number, other to be named in the mode for numbering incremental
The numbering of the digital certificate files of generation.
18. the server according to claim 16 or 17, it is characterised in that also include:
Confirmation generation module, for generating user's confirmation based on the characteristic information;
Confirmation sending module, for returning to user's confirmation, the client to client
For user's confirmation to be presented into user, and user's confirmation letter is based on detecting user
When ceasing the confirmation operation sent, generation confirms instruction, confirms that instruction is sent to server by described.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610244156.3A CN107306182B (en) | 2016-04-19 | 2016-04-19 | A kind of method, client and server generating digital certificate |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610244156.3A CN107306182B (en) | 2016-04-19 | 2016-04-19 | A kind of method, client and server generating digital certificate |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107306182A true CN107306182A (en) | 2017-10-31 |
CN107306182B CN107306182B (en) | 2019-11-22 |
Family
ID=60152227
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610244156.3A Active CN107306182B (en) | 2016-04-19 | 2016-04-19 | A kind of method, client and server generating digital certificate |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107306182B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112019339A (en) * | 2019-05-31 | 2020-12-01 | 西安理邦科学仪器有限公司 | Automatic digital certificate distribution method and device |
CN114615309A (en) * | 2022-01-18 | 2022-06-10 | 奇安信科技集团股份有限公司 | Client access control method, device and system, electronic equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101388771A (en) * | 2007-09-10 | 2009-03-18 | 捷德(中国)信息科技有限公司 | Method and system for downloading digital certificate |
US20110047374A1 (en) * | 2009-08-12 | 2011-02-24 | General Instrument Corporation | Method and apparatus for a configurable online public key infrastructure (pki) management system |
US20140351581A1 (en) * | 2013-05-21 | 2014-11-27 | Cisco Technology, Inc. | Revocation of Public Key Infrastructure Signatures |
CN104683107A (en) * | 2015-02-28 | 2015-06-03 | 深圳市思迪信息技术有限公司 | Digital certificate storage method and device, and digital signature method and device |
CN105007277A (en) * | 2015-07-30 | 2015-10-28 | 浪潮电子信息产业股份有限公司 | Method for generating user certificate and web application |
-
2016
- 2016-04-19 CN CN201610244156.3A patent/CN107306182B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101388771A (en) * | 2007-09-10 | 2009-03-18 | 捷德(中国)信息科技有限公司 | Method and system for downloading digital certificate |
US20110047374A1 (en) * | 2009-08-12 | 2011-02-24 | General Instrument Corporation | Method and apparatus for a configurable online public key infrastructure (pki) management system |
US20140351581A1 (en) * | 2013-05-21 | 2014-11-27 | Cisco Technology, Inc. | Revocation of Public Key Infrastructure Signatures |
CN104683107A (en) * | 2015-02-28 | 2015-06-03 | 深圳市思迪信息技术有限公司 | Digital certificate storage method and device, and digital signature method and device |
CN105007277A (en) * | 2015-07-30 | 2015-10-28 | 浪潮电子信息产业股份有限公司 | Method for generating user certificate and web application |
Non-Patent Citations (1)
Title |
---|
单学勇等: "《财税管理实验教程》", 30 September 2009 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112019339A (en) * | 2019-05-31 | 2020-12-01 | 西安理邦科学仪器有限公司 | Automatic digital certificate distribution method and device |
CN112019339B (en) * | 2019-05-31 | 2024-02-27 | 西安理邦科学仪器有限公司 | Automatic distribution method and device for digital certificates |
CN114615309A (en) * | 2022-01-18 | 2022-06-10 | 奇安信科技集团股份有限公司 | Client access control method, device and system, electronic equipment and storage medium |
CN114615309B (en) * | 2022-01-18 | 2024-03-15 | 奇安信科技集团股份有限公司 | Client access control method, device, system, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN107306182B (en) | 2019-11-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103797832B (en) | The wireless communication established using concurrent re-authentication and connection | |
CN107852407A (en) | Unified certification for integration of compact cell and Wi Fi networks | |
US10791106B2 (en) | Digital credential with embedded authentication instructions | |
CN106465120A (en) | Method and nodes for integrating networks | |
CN107667554A (en) | Decentralized configuration device entity | |
CN106537944A (en) | Associating a device with another device's network subscription | |
CN108781216A (en) | Method and apparatus for network insertion | |
CN105101194A (en) | Terminal security authentication method, device and system | |
CN103688563A (en) | Performing a group authentication and key agreement procedure | |
EP3944649A1 (en) | Verification method, apparatus, and device | |
CN106375989A (en) | Method for realizing access layer security, user equipment, and small radio access network node | |
CN107529160A (en) | A kind of VoWiFi method for network access and system, terminal and wireless access points equipment | |
CN106972974A (en) | The Web network management systems and its terminal authentication method of a kind of electric power LTE wireless terminals | |
CN109788474A (en) | A kind of method and device of message protection | |
CN106203021B (en) | A kind of more certification modes are integrated to apply login method and system | |
WO2021227866A1 (en) | Network authentication method and apparatus, and system | |
US11540125B2 (en) | Authentication device, network device, communication system, authentication method, and non-transitory computer readable medium | |
Baldo et al. | A new model for the simulation of the LTE-EPC data plane | |
CN106302345B (en) | A kind of terminal authentication method and device | |
CN109788480A (en) | A kind of communication means and device | |
CN109479193A (en) | Communication system, subscriber information managing equipment, information acquisition method, non-transitory computer-readable medium and communication terminal | |
CN109803262A (en) | A kind of transmission method and device of network parameter | |
CN109391937A (en) | Acquisition methods, equipment and the system of public key | |
CN107735980A (en) | The configuration and certification of wireless device | |
CN112929876B (en) | Data processing method and device based on 5G core network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |