CN107306182A - A kind of method, client and server for generating digital certificate - Google Patents

A kind of method, client and server for generating digital certificate Download PDF

Info

Publication number
CN107306182A
CN107306182A CN201610244156.3A CN201610244156A CN107306182A CN 107306182 A CN107306182 A CN 107306182A CN 201610244156 A CN201610244156 A CN 201610244156A CN 107306182 A CN107306182 A CN 107306182A
Authority
CN
China
Prior art keywords
digital certificate
characteristic information
user
server
configuration file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610244156.3A
Other languages
Chinese (zh)
Other versions
CN107306182B (en
Inventor
冀学文
陈松
武凡羽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Datang Mobile Communications Equipment Co Ltd
Original Assignee
Datang Mobile Communications Equipment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Datang Mobile Communications Equipment Co Ltd filed Critical Datang Mobile Communications Equipment Co Ltd
Priority to CN201610244156.3A priority Critical patent/CN107306182B/en
Publication of CN107306182A publication Critical patent/CN107306182A/en
Application granted granted Critical
Publication of CN107306182B publication Critical patent/CN107306182B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiments of the invention provide a kind of method, client and server for generating digital certificate, wherein methods described includes:When client receives the configuration file of user's input, the configuration file is sent into server;Show the control for input feature vector information in the client;The characteristic information that user inputs in the control is received, and the characteristic information is sent to server, the server is used for according to the characteristic information, the configuration file is called, digital certificate files corresponding with the characteristic information are generated;Receive the digital certificate files that the server is returned.The embodiment of the present invention can automatically generate digital certificate files, digital certificate files are made by hand without user and configuration file is repeatedly inputted, the efficiency of digital certificate generation is drastically increased, and reduce the probability of information error, it is easy to safeguard digital certificate, saves maintenance time and human resources.

Description

A kind of method, client and server for generating digital certificate
Technical field
The present invention relates to communication authentication technical field, more particularly to a kind of method for generating digital certificate, A kind of client and a kind of server of generation digital certificate for generating digital certificate.
Background technology
With the development of information technology, the more application scenarios of the multimedia service of high speed, broadband services are Indoor and hot zones, traditional cell mobile communication systems can not meet this kind of demand, family well The birth of formula base station (Home eNodeB, abbreviation H (e) NB) makes this problem effectively be solved. Wherein, H (e) NB be it is a kind of it is small-sized, may be mounted at interior, configure flexible base station, can Provide the user low cost, high-speed data transmission service.
In H (e) NB system architecture, UE (User Equipment, user equipment) and H (e) NB Air interface can be with UTRAN (UMTS Terrestrial Radio Access Network, general shifting The land radio access web of dynamic communication system) in air interface backward compatibility.The SeGW of core-network side (security gateway, security gateway) represents core net and is mutually authenticated with H (e) NB, due to H (e) NB are likely located in insincere region, and H (e) NB core network access is then likely to be unsafe, Therefore needs set up the communication connection channel of a safety between H (e) NB and SeGW.
Before H (e) NB and SeGW are authenticated, H (e) NB need one H (e) NB's of initial configuration Digital certificate and credential key, while the server of a gateway trusty is configured in H (e) NB Digital certificate list.In the prior art, the step of operation maintenance personnel makes H (e) NB digital certificate is such as Under:
(1) openssl (security socket layer cryptographic libraries) environmental variance is changed;
(2) data of different provinces and cities' planning are filled in, for example:Country, provinces and cities, city, company, portion Door, main frame etc., generate root certificate according to layout data and sign certainly;
(3) make server certificate and sign;
(4) configuration file is changed;
(5) when making H (e) NB digital certificate, the data of different provinces and cities' planning are filled in, for example:State Family, provinces and cities, city, company, department, main frame etc., and keep one with the input value of corresponding root certificate Cause.
However, inventor is when implementing prior art, it is found that at least there are the following problems for prior art:
(1) manual manufacture digital certificate, poor in timeliness a, working day is only capable of making 30 numeral cards Book;
(2) need to input layout data twice, manually need amount of input information big, be very easy to error;
(3) in O&M, often submitting to digital certificate can just pinpoint the problems behind base station, generally It is difficult to take into account different network elements, maintenance needs to spend more manpower.
The content of the invention
In view of the above problems, it is proposed that the embodiment of the present invention overcomes above mentioned problem or extremely to provide one kind A kind of method of the generation digital certificate partially solved the above problems and a kind of corresponding generation numeral The client of certificate and a kind of server of generation digital certificate.
In order to solve the above problems, the embodiment of the invention discloses a kind of method for generating digital certificate, institute The method of stating includes:
When client receives the configuration file of user's input, the configuration file is sent to server In;
Show the control for input feature vector information in the client;
The characteristic information that user inputs in the control is received, and the characteristic information is sent to service Device, the server is used for according to the characteristic information, calls the configuration file, generation and the spy Reference ceases corresponding digital certificate files;
Receive the digital certificate files that the server is returned.
Preferably, the characteristic information at least includes:The Base Serial Number of the digital certificate files of generation is needed, And, it is necessary to the quantity of the digital certificate files of generation.
Preferably, methods described also includes:
The digital certificate files are distributed in the designated entities object of respective amount respectively.
Preferably, the designated entities object includes Home eNodeB H (e) NB;What the server was returned Digital certificate files are compressed file, and the compressed file includes multiple digital certificate files and corresponding Configuration file;
It is described that the digital certificate files are distributed to the step in the designated entities object of respective amount respectively Suddenly include:
The compressed file is decompressed, multiple digital certificate files and corresponding configuration file is obtained, it is described to match somebody with somebody Putting file includes configuration script;
The multiple digital certificate files and corresponding configuration file are uploaded to corresponding H (e) NB respectively Board in, in the board of H (e) NB, perform the configuration script, the numeral demonstrate,proved Written matter is arranged on the specified location of H (e) NB.
Preferably, it is described to receive the characteristic information that user inputs in the control, and the feature is believed The step of breath is sent to server includes:
Receive the characteristic information that user inputs in the control;
Verify whether the characteristic information meets preset rules;
If it is not, then generating prompt message, the characteristic information of preset rules is met to point out user to re-enter;
If so, then the characteristic information is sent to server.
Preferably, in the characteristic information that is inputted in the control of reception user, and by the feature Information is sent to after the step of server, in addition to:
User's confirmation that the reception server is returned;
User's confirmation is presented to user;
When detecting the confirmation operation that user is sent based on user's confirmation, generation confirmation refers to Order, and confirm that instruction is sent to server by described, the server is used to confirm instruction according to described, The configuration file is called, digital certificate files corresponding with the characteristic information are generated.
The embodiment of the invention also discloses a kind of method for generating digital certificate, methods described includes:
Receive the configuration file that client is sent;
Receive what client was sent, the characteristic information inputted in the control that user shows in the client;
According to the characteristic information, the configuration file is called, number corresponding with the characteristic information is generated Word certificate file;
The digital certificate files are returned into client.
Preferably, the characteristic information at least includes:The Base Serial Number of the digital certificate files of generation is needed, And, it is necessary to the quantity of the digital certificate files of generation;
It is described to call the configuration file according to the characteristic information, generate corresponding with the characteristic information Digital certificate files the step of include:
The configuration file is called, number corresponding with the quantity of the digital certificate files for needing to generate is generated The digital certificate files of amount;
The numbering of the digital certificate files of first generation is used as using the Base Serial Number;
Based on the Base Serial Number, other digital certificate files generated are named to number incremental mode Numbering.
Preferably, described according to the characteristic information, the configuration file, generation and the spy are called Before the step of reference ceases corresponding digital certificate files, in addition to:
User's confirmation is generated based on the characteristic information;
User's confirmation is returned to client, the client is used for user's confirmation User is presented to, and when detecting the confirmation operation that user is sent based on user's confirmation, it is raw Into instruction is confirmed, confirm that instruction is sent to server by described.
The embodiment of the invention also discloses a kind of client for generating digital certificate, the client includes:
Configuration file sending module, for when receiving the configuration file of user's input, by the configuration File is sent into server;
Control exposure module, for showing the control for input feature vector information in the client;
Characteristic information sending module, for receiving the characteristic information that user inputs in the control, and will The characteristic information is sent to server, and the server is used for according to the characteristic information, is called described Configuration file, generates digital certificate files corresponding with the characteristic information;
Digital certificate receiving module, for receiving the digital certificate files that the server is returned.
Preferably, the characteristic information at least includes:The Base Serial Number of the digital certificate files of generation is needed, And, it is necessary to the quantity of the digital certificate files of generation.
Preferably, the client also includes:
Distribution module, the designated entities pair for the digital certificate files to be distributed to respective amount respectively As in.
Preferably, the designated entities object includes Home eNodeB H (e) NB;What the server was returned Digital certificate files are compressed file, and the compressed file includes multiple digital certificate files and corresponding Configuration file;
The distribution module includes:
Submodule is decompressed, for decompressing the compressed file, multiple digital certificate files are obtained and corresponding Configuration file, the configuration file includes configuration script;
Certificate uploads submodule, for respectively by the multiple digital certificate files and corresponding configuration file In the board for being uploaded to corresponding H (e) NB, in the board of H (e) NB, the configuration is performed Script, the digital certificate files is arranged on the specified location of H (e) NB.
Preferably, the characteristic information sending module includes:
Characteristic information receiving submodule, for receiving the characteristic information that user inputs in the control;
Submodule is verified, for verifying whether the characteristic information meets preset rules;If it is not, then calling Prompting submodule, if so, then calling characteristic information sending submodule;
Prompting submodule, for generating prompt message, meets preset rules to point out user to re-enter Characteristic information;
Characteristic information sending submodule, for the characteristic information to be sent to server.
Preferably, in addition to:
Confirmation receiving module, the user's confirmation returned for the reception server;
Confirmation display module, for user's confirmation to be presented into user;
Confirm directive generation module, sent really based on user's confirmation for user ought to be detected When recognizing operation, generation confirms instruction, and confirms that instruction is sent to server by described, and the server is used In confirming instruction according to described, the configuration file is called, numeral corresponding with the characteristic information is generated Certificate file.
The embodiment of the invention also discloses a kind of server for generating digital certificate, the server includes:
Configuration file receiving module, the configuration file for receiving client transmission;
Characteristic information receiving module, for receiving client transmission, the control that user shows in the client The characteristic information inputted in part;
Digital certificate generation module, for according to the characteristic information, calling the configuration file, generation Digital certificate files corresponding with the characteristic information;
Digital certificate sending module, for the digital certificate files to be returned into client.
Preferably, the characteristic information at least includes:The Base Serial Number of the digital certificate files of generation is needed, And, it is necessary to the quantity of the digital certificate files of generation;
The digital certificate generation module includes:
Certificates constructing submodule, for calling the configuration file, generation and the numeral for needing to generate The digital certificate files of the quantity respective amount of certificate file;
First numbering submodule, for the digital certificate files using the Base Serial Number as first generation Numbering;
Second numbering submodule, for based on the Base Serial Number, other to be named in the mode for numbering incremental The numbering of the digital certificate files of generation.
Preferably, the server also includes:
Confirmation generation module, for generating user's confirmation based on the characteristic information;
Confirmation sending module, for returning to user's confirmation, the client to client For user's confirmation to be presented into user, and user's confirmation letter is based on detecting user When ceasing the confirmation operation sent, generation confirms instruction, confirms that instruction is sent to server by described.
The embodiment of the present invention includes advantages below:
In embodiments of the present invention, when client receives the configuration file and characteristic information of user's input When, the configuration file and characteristic information can be sent to server, server is according to the configuration file And characteristic information automatically generates digital certificate files corresponding with characteristic information, is made by hand without user Digital certificate files and configuration file is repeatedly inputted, drastically increases the efficiency of digital certificate generation, The probability of information error is reduced, is easy to safeguard digital certificate, saves maintenance time and human resources.
Brief description of the drawings
Fig. 1 is a kind of step flow chart of the embodiment of the method one of generation digital certificate of the present invention;
Fig. 2 is a kind of step flow chart of the embodiment of the method two of generation digital certificate of the present invention;
Fig. 3 is that the Nanocell frameworks in a kind of embodiment of the method two of generation digital certificate of the present invention show It is intended to;
Fig. 4 is the identifying procedure figure in a kind of embodiment of the method two of generation digital certificate of the present invention;
Fig. 5 is a kind of step flow chart of the embodiment of the method three of generation digital certificate of the present invention;
Fig. 6 is a kind of structured flowchart of the client embodiment of generation digital certificate of the present invention;
Fig. 7 is a kind of structured flowchart of the server example of generation digital certificate of the present invention.
Embodiment
In order to facilitate the understanding of the purposes, features and advantages of the present invention, below in conjunction with the accompanying drawings The present invention is further detailed explanation with embodiment.
One of the core concepts of the embodiments of the present invention is, automatically generates configuration script, when receiving user After the Base Serial Number and quantity of input, configuration file, batch making H (e) NB number are called automatically Word certificate, can reach the effect for making 1000 keys in 5 minutes, release and safeguard manpower.
The step of reference picture 1, embodiment of the method one for showing a kind of generation digital certificate of the invention, flows Cheng Tu, specifically may include steps of:
Step 101, when client receives the configuration file of user's input, the configuration file is sent out Deliver in server;
Step 102, the control for input feature vector information is showed in the client;
Step 103, the characteristic information that is inputted in the control of user is received, and by the characteristic information Send to server;
The server is used for according to the characteristic information, calls the configuration file, generation and the spy Reference ceases corresponding digital certificate files.
Step 104, the digital certificate files that the server is returned are received.
In embodiments of the present invention, when client receives the configuration file and characteristic information of user's input When, the configuration file and characteristic information can be sent to server, server is according to the configuration file And characteristic information automatically generates digital certificate files corresponding with characteristic information, is made by hand without user Digital certificate files and configuration file is repeatedly inputted, drastically increases the efficiency of digital certificate generation, The probability of information error is reduced, is easy to safeguard digital certificate, saves maintenance time and human resources.
The step of reference picture 2, embodiment of the method two for showing a kind of generation digital certificate of the invention, flows Cheng Tu.
In a kind of preferred embodiment of the embodiment of the present invention, the embodiment of the present invention can apply to as family Base station (Home eNodeB, abbreviation H (e) NB;Femto base stations are can be described as again) make digital certificate The scene of file.Home eNodeB be it is a kind of it is small-sized, may be mounted at interior, configure flexible base station, Low cost, high-speed data transmission service can be provided the user.
H (e) NB can be deployed in Nanocell systems, and Nanocell is from following mobile broadband network hair (radio access node of low-power, is operated in a kind of new integrated Small Cell that exhibition angle is proposed Frequency spectrum authorize, unauthorized, can cover 10 meters to 200 meters of scope) and WLAN (Wireless Local Area Networks, WLAN) mobile access product form and its system schema. On product form, Nanocell is that one kind is integrated with Small Cell base stations and WLAN AP (Wireless Access Point, wireless access points) function radio reception device.On system schema, Nanocell provides Cellular Networks service by the fusion of network and carrier-class WLAN is serviced.Nanocell By operator is in focus or needs to mend blind regional deployment and maintenance, ensure to set by reliable security mechanism Standby, signaling and data transmission security.
NanoCell is located at network end-point, can pass through GPON (Gigabit-Capable PON, passive light Access system) or PTN (Packet Transport Network, Packet Transport Network) or PpoE (PPP over Point-to-point protocol on Ethernet, Ethernet) etc. circuit access.If especially accessed by public network, There is problem in the authenticity of equipment, therefore use Ipsec (Internet Protocol under most network environments Security, internet protocol security) secure accessing.
With reference to shown in Fig. 3 Nanocell configuration diagrams, Nanocell systems can include smart mobile phone, The terminals such as computer, pad, TD-LTE Femto base stations (i.e. H (e) NB), security gateway (Security Gateway, abbreviation SeGW), GW (GateWay, gateway), network management system and other supports set Standby (SGSN (Serving GPRS Support Node, service universal grouping wireless clothes in such as Fig. 3 Business supporting node)/GGSN (Gateway GPRS Support Node, gateway general packet radio service Supporting node), MSC (Mobile Switching Center, mobile switching centre), MME (Mobility Management Entity, mobile management nodes), SGW (Serving GateWay, gateway), PGW (PDN GateWay, public data network gateway), HSS (Home Subscriber Server, User ascription area server), (Authentication, Authorization, Accounting are tested AAA Card, authorization and accounting server), AC (Access Controller, wireless controller), PORTAL (certificate server).Wherein, H (e) NB can support TD-LTE (Time Division Long Term Evolution, time-division Long Term Evolution)/TD-SCDMA (Time Division-Synchronous Code Division Multiple Access, TD SDMA) tri- kinds of standards of/WLAN, pass through backhaul Net (including PON (Passive Optical Network, passive optical-fiber network), PTN, Ethernet etc.) Accessing GW and AC, there is provided 3G, 4G and WIFI (WIreless-Fidelity, Wireless Fidelity) business.
In the maintenance of current TD-LTE wireless access networks, SeGW is in H (e) NB and AG and operator The passage of a safety is provided between network.SeGW is responsible for that peace is set up and kept between H (e) NB Complete (pressing IPSec/IKEv2 (Internet Key Exchange) Standard Encryption) connection.Setting up connection Afterwards, H (e) NB need to be authenticated SeGW using the public key safety certificate signed, so can be with Prevent malice from accessing.Meanwhile, VPN (Virtual can be set up between H (e) NB and SeGW Private Network, VPN), and communication data is encrypted, it is ensured that safer is logical Letter.
As shown in table 1 below, before H (e) NB and SeGW are authenticated, H (e) NB need initially to match somebody with somebody H (e) NB digital certificate and credential key is put, while configuring a trusted in H (e) NB Gateway server digital certificate list, corresponding to the service for the gateway that it will be received from SeGW The digital certificate of device.The digital certificate and certificate that the server of a gateway is also configured in SeGW are close Key, while H (e) NB trusty digital certificate list is configured in SeGW, corresponding to it From H (e) NB H (e) NB received digital certificate.
Table 1
It should be noted that wherein H (e) NB root certificate, H (e) NB digital certificate and credential key It can be generated by same CA (Certificate Authority, digital certificate authentication center) server; SeGW root certificate, the digital certificate of the server of gateway and credential key can also be by same CA servers are generated.
With reference to Fig. 4 identifying procedure figure, H (e) NB and SeGW identifying procedure is shown, in Fig. 4 In, first group of interaction (IKE_SA_INIT_REQUEST and IKE_SA_INIT_RESPONSE) Be mainly used for consulting SA (wildcard), second group of interaction (IKE_AUTH_REQUEST with And IKE_AUTH_RESPONSE) it is used for the digital certificate and authentication numeral card of switching equipment Book.Both sides produce signature with credential key, and the information such as its digital certificate and signature is carried Swapped in IKE_AUTH message, recipient needs to use the reliable list of cert locally preserved Checked with signature, for judging whether authentication succeeds.
The embodiment of the present invention can with automatic batch make H (e) NB digital certificate, in the specific implementation, Before H (e) NB digital certificate is made, root certificate, Ran Houtong can be made for H (e) NB first Cross root certificate generation server certificate and H (e) NB digital certificate.
In one embodiment, the making principles of root certificate can be:Using difference in input parameter Province's title distinguish root certificate, one province of correspondence generates a root certificate.It can be preset using fixed Template inputs the parameter of root certificate, so that according to the default template, root certificate is generated using general method And corresponding key is to (public key and private key), to facilitate later stage batch life on this basis H (e) NB's Digital certificate files.
As a kind of example, the parameter inputted during generation root certificate is as shown in table 2 below:
Table 2
It should be noted that in table 2, planning value is the value of customization root certificate, the embodiment of the present invention pair The specific value of planning value is not restricted.
Generate after root certificate, one root certificate of correspondence generates a server certificate, in the specific implementation, Can be using general server certificate generation method generation server certificate and corresponding key pair.
Generate after root certificate and server certificate, then can perform the embodiment of the present invention, generate H (e) NB digital certificate files, wherein, one H (e) NB of correspondence generates a digital certificate files, The digital certificate files serial number, the numbering is unique in the range of province, such as hnb1, hnb2 ....
In the specific implementation, H (e) NB digital certificate files can include the number of H (e) NB The credential key (including public key and private key) of word certificate and the digital certificate, H (e) NB number The mark of word certificate can be expressed as digital certificate title+numbering;The mark of one H (e) NB credential key Knowledge can be expressed as key title+numbering.Wherein, the numbering of digital certificate and corresponding key from Base Serial Number rises, and sequentially numbers, and both coding rules are unified, i.e., one digital certificate files use one Individual unified numbering, the numbering of the numbering of digital certificate and credential key therein with digital certificate files It is identical.
Specifically, the embodiment of the present invention may include steps of:
Step 201, when client receives the configuration file of user's input, the configuration file is sent out Deliver in server;
Applied to the embodiment of the present invention, the information input interface input pair that user can be showed by client The configuration file answered, or, user can also be by the upload interface upload configuration file of client.
As a kind of example of the embodiment of the present invention, the configuration file can include following information one kind or It is a variety of:The configuration script that automatically generates, system configuration information (including openssl.conf, ipsec.conf, Strongswan.conf etc.), root certificate, the digital certificate of server etc..For example, based on H (e) NB The partial content that configuration file is included can be with as shown in table 3 below:
Table 3
In the specific implementation, root certificate and server certificate can be uploaded to client by user, also may be used To merely enter the mark (for example, saving name) of root certificate and server certificate, by client from locally obtaining Take corresponding root certificate and server certificate.
Client is received after the configuration file of user's input, can further be sent the configuration file Into server.
Step 202, the control for input feature vector information is showed in the client;
Client sends configuration file to server, can show in the client for inputting spy The control of reference breath, wherein, the control is as providing user the interface of input feature vector information.
In one embodiment, the corresponding coding information of the control can be stored in client locally, when After client send configuration file to server, client is i.e. from locally obtaining the corresponding coding of the control Information, and the coding information is rendered, to show corresponding control in the interface of client.
In another embodiment, the corresponding coding information of the control can also be stored in the server, After server receives configuration file, certificates constructing main program can be performed, using the main program to Client returns to the corresponding coding information of control, and client is received after the coding information, to the coding Information is rendered, to show corresponding control to user.
Step 203, the characteristic information that is inputted in the control of user is received, and by the characteristic information Send to server;
As a kind of preferred exemplary of the embodiment of the present invention, the control showed can at least include Base Serial Number Input control, and, quantity input control, then corresponding characteristic information can at least include:Need life Into digital certificate files Base Serial Number, and, it is necessary to generation digital certificate files quantity.Example As, it is necessary to generation digital certificate files Base Serial Number be 99, it is necessary to generation digital certificate files Quantity is 10.
In a kind of preferred embodiment of the embodiment of the present invention, step 203 can include following sub-step:
Sub-step S11, receives the characteristic information that user inputs in the control;
Sub-step S12, verifies whether the characteristic information meets preset rules;If it is not, then performing sub-step Rapid S13;If so, then performing sub-step S14;
Sub-step S13, generates prompt message, the feature of preset rules is met to point out user to re-enter Information;
Sub-step S14, the characteristic information is sent to server.
Specifically, first can be with automatic Verification after client receives user's input feature vector information Whether this feature information meets preset rules, in one embodiment, and the preset rules can be judgement This feature information whether be positive integer rule, when input characteristic information be positive integer when, then can sentence Determine this feature information and meet preset rules, and this feature information is sent to server;If the feature of input Information is not positive integer, then can be determined that this feature information does not meet preset rules, at this point it is possible to generate Prompt message, and will be prompted to information and be presented to user, meet preset rules to point out user to re-enter Characteristic information, if for example, the characteristic information of user's input is 9.9 or character a, b etc., prompting is inputted Mistake, and require to re-enter correct positive integer.
Step 204, user's confirmation that the reception server is returned, user's confirmation is showed To user;
, can be based on the generation of this feature information after server receives characteristic information in server side User's confirmation, user's confirmation be used for ask user reaffirm input characteristic information whether For the characteristic information needed for oneself, for example, user's confirmation can be " Are you sure(you Whether determine)[y/n]:”.
After server generation user's confirmation, user's confirmation is returned to client.Then in visitor Family end, renders user's confirmation, to show user's confirmation to user.
Step 205, it is raw when detecting the confirmation operation that user is sent based on user's confirmation Confirm that instruction is sent to server into confirmation instruction, and by described;
User can input corresponding operation for user's confirmation, for example, input " n " or Characters such as non-" y " negative operation or do not confirm operation, or, input " y " or " it is determined that " etc. The confirmation operation of character.
When client, which detects user, sends confirmation operation based on user's confirmation, it can generate really Recognize instruction, and confirm that instruction is sent to server by described.
When client, which detects user, sends negative operation based on user's confirmation, it can generate and move back Go out instruction, and the exit instruction is sent to server.
In server side, when receiving exit instruction, then current main program is exited.
When receive confirm instruction when, then can instruct according to the confirmation, perform configuration file, generation and The corresponding digital certificate files of characteristic information.
In a kind of preferred embodiment of the embodiment of the present invention, server can generate number in the following way Word certificate file:Call the configuration file, generation and the number of the digital certificate files for needing to generate Measure the digital certificate files of respective amount;The digital certificate text of first generation is used as using the Base Serial Number The numbering of part;Based on the Base Serial Number, to number the digital certificate that incremental mode names other to generate The numbering of file.
, can be with integrated openssl interfaces and bash interfaces in server applied to the embodiment of the present invention, should Bash interfaces are used to parse configuration file, after server receives confirmation instruction, call this Bash interfaces parse configuration file, judge holding with the presence or absence of generation digital certificate files in configuration file Necessary configuration information in row environment, if there is no necessary configuration information, then generation error prompting.
If there is necessary configuration information, then openssl interfaces are called to perform corresponding configuration file, For example, performing Openssl configuration informations, the quantity with the digital certificate files for needing to generate is obtained The digital certificate files of respective numbers, and the digital certificate files of first generation are used as using Base Serial Number Numbering, the numbering of the digital certificate files of other generations is incrementally named with the Base Serial Number.
For example, it is desired to which the Base Serial Number of the digital certificate files of generation is 99, it is necessary to the digital certificate of generation The quantity of file is 10, then the numbering of the digital certificate files of first generation is 99, second generation The numberings of digital certificate files be 100, the numbering of the digital certificate files of second generation is 101 ..., The numbering of the digital certificate files of 10th generation is 108.
After the digital certificate files of server generation requirement, packing routine interface can be called, will The digital certificate files and configuration file of the requirement are packaged into a compressed package, and by the compressed package Send to client.For example, packing routine interface is called, by caCert.pem, hnb*Cert.pem (H (e) NB digital certificate), hnb*Key.pem (H (e) NB credential key), ipsec.secrets, The compressing files such as segwCert.pem, config.sh, ipsec.conf, strongswan.conf are pressed into one Contracting bag, and the compressed package is sent to client.
In the specific implementation, during server generation digital certificate files, daily record note can also be generated Record, the log recording is used to record all operation informations in digital certificate files generating process.
Step 206, the digital certificate files that the server is returned are received;
Step 207, the digital certificate files are distributed to Home eNodeB H (e) NB of respective amount respectively In.
In a kind of preferred embodiment of the embodiment of the present invention, step 207 can include following sub-step:
Sub-step S11, decompresses the compressed file, obtains multiple digital certificate files and corresponding configuration File, the configuration file includes configuration script;
The multiple digital certificate files and corresponding configuration file, are uploaded to pair by sub-step S12 respectively In H (e) NB answered board, in the board of H (e) NB, the configuration script is performed, with The digital certificate files are arranged on to the specified location of H (e) NB.
It is local in client, the compressed package can be decompressed, multiple digital certificate files is obtained and corresponding matches somebody with somebody Put file, for example, decompression after, obtain caCert.pem, hnb*Cert.pem, hnb*Key.pem, The files such as ipsec.secrets, segwCert.pem, config.sh, ipsec.conf, strongswan.conf.
After digital certificate files after being decompressed, can by FTP (File Transfer Protocol, FTP) etc. file transfer conveyance by the folder content after decompression upload to correspondence H (e) NB Board temporary folder (such as/tmp files) in, at this point it is possible to generate the digital certificate files The corresponding relation that identifies of numbering and H (e) NB, the digital certificate files are associated with H (e) NB Get up.
Then configuration script ./config.sh is performed in temporary file, then digital certificate files can be installed Into corresponding H (e) NB specified location.
As a kind of example, H (e) NB of configuration file and generation in table 3 digital certificate and its The path that credential key is installed in H (e) NB is as shown in table 4 below:
Table 4
In order that those skilled in the art better understood when the embodiment of the present invention, below by way of a tool Body example is subject to exemplary illustration to the embodiment of the present invention, but it should explanation, the embodiment of the present invention is simultaneously Not limited to this.
(1) client configuration file is uploaded onto the server /etc/pki/CA catalogues under;
(2) server performs digital certificate generation main program;
(3) server, which is checked, whether there is necessary configuration information in configuration file;
(4) if there is necessary configuration information, control is shown to user by client, and receive The characteristic information that user is inputted by control, this feature information includes needing the digital certificate files of generation Base Serial Number (e.g., 99), and, it is necessary to the quantity (e.g., 30) of the digital certificate files of generation;
(5) server shows user's confirmation " Are you sure by client to user[y/n]: (whether you determine)”;
(6) when user inputs the character of " n " or non-" y ", exit digital certificate and generate main journey Sequence;If user inputs " y " character, configuration file is called, 30 digital certificate files are generated, and 30 digital certificate files are sequentially numbered from Base Serial Number;
(7) 30 digital certificate files and configuration file are compressed, generation is named as hnb99.tar.gz Compressed package, by the compressed package return client;
(8) after client receives compressed package, the compressed package is decompressed, by 30 obtained after decompression Digital certificate files and corresponding configuration file are distributed in corresponding 30 H (e) NB;
(9) perform configuration script in each H (e) NB respectively, then can be by corresponding digital certificate text Part is arranged under the assigned catalogue of H (e) NB.
In embodiments of the present invention, it can be inputted automatically according to H (e) NB configuration file and user Characteristic information, Mass production meets the digital certificate files of characteristic information, drastically increases digital certificate The efficiency of file generated, experimental data shows, according to embodiments of the present invention, can complete within 5 minutes thousands of The making of certificate file.
In addition, the embodiment of the present invention can automatically generate configuration script, without the secondary editor's rule of operation maintenance personnel Data are drawn, the probability of layout data error is reduced.
Further, since Mass production digital certificate files of the embodiment of the present invention, then it is accurate fixed to be easy to Position overcomes the defect that problem inefficiency is positioned manually, takes time and effort to the problem of error, saves manpower, Base station maintenance cost is reduced, base station maintenance quality is improved.
The step of reference picture 5, embodiment of the method three for showing a kind of generation digital certificate of the invention, flows Cheng Tu, the embodiment of the present invention is described from server side, specifically may include steps of:
Step 501, the configuration file that client is sent is received;
Step 502, receive what client was sent, the spy inputted in the control that user shows in the client Reference ceases;
Step 503, according to the characteristic information, the configuration file is called, generation is believed with the feature Cease corresponding digital certificate files;
Step 504, the digital certificate files are returned into client.
In a kind of preferred embodiment of the embodiment of the present invention, the characteristic information at least includes:Need life Into digital certificate files Base Serial Number, and, it is necessary to generation digital certificate files quantity;
The step 503 can include following sub-step:
Sub-step S21, calls the configuration file, generation and the digital certificate files for needing to generate Quantity respective amount digital certificate files;
Sub-step S22, the numbering of the digital certificate files of first generation is used as using the Base Serial Number;
Sub-step S23, based on the Base Serial Number, to number the number that incremental mode names other to generate The numbering of word certificate file.
In a kind of preferred embodiment of the embodiment of the present invention, before step 503, it can also include such as Lower step:
User's confirmation is generated based on the characteristic information;
User's confirmation is returned to client, the client is used for user's confirmation User is presented to, and when detecting the confirmation operation that user is sent based on user's confirmation, it is raw Into instruction is confirmed, confirm that instruction is sent to server by described.
For Fig. 5 embodiment of the method, because it is substantially similar to above-mentioned Fig. 2 embodiment of the method, So description is fairly simple, related part illustrates referring to the part of Fig. 2 embodiment of the method.
It should be noted that for embodiment of the method, in order to be briefly described, therefore it is all expressed as to one it is The combination of actions of row, but those skilled in the art should know that the embodiment of the present invention is not by described Sequence of movement limitation because according to the embodiment of the present invention, some steps can using other orders or Person is carried out simultaneously.Secondly, those skilled in the art should also know, embodiment described in this description Belong to necessary to preferred embodiment, the involved action not necessarily embodiment of the present invention.
Reference picture 6, shows a kind of structural frames of the client embodiment of generation digital certificate of the present invention Figure, can specifically include following module:
Configuration file sending module 601, for when receiving the configuration file of user's input, by described in Configuration file is sent into server;
Control exposure module 602, for showing the control for input feature vector information in the client;
Characteristic information sending module 603, for receiving the characteristic information that user inputs in the control, And send the characteristic information to server, the server is used for according to the characteristic information, calls The configuration file, generates digital certificate files corresponding with the characteristic information;
Digital certificate receiving module 604, for receiving the digital certificate files that the server is returned.
In a kind of preferred embodiment of the embodiment of the present invention, the characteristic information at least includes:Need life Into digital certificate files Base Serial Number, and, it is necessary to generation digital certificate files quantity.
In a kind of preferred embodiment of the embodiment of the present invention, the client can also include following mould Block:
Distribution module, the designated entities pair for the digital certificate files to be distributed to respective amount respectively As in.
In a kind of preferred embodiment of the embodiment of the present invention, the designated entities object includes Home eNodeB H(e)NB;The digital certificate files that the server is returned are compressed file, and the compressed file includes many Individual digital certificate files and corresponding configuration file;
The distribution module can further include following submodule:
Submodule is decompressed, for decompressing the compressed file, multiple digital certificate files are obtained and corresponding Configuration file, the configuration file includes configuration script;
Certificate uploads submodule, for respectively by the multiple digital certificate files and corresponding configuration file In the board for being uploaded to corresponding H (e) NB, in the board of H (e) NB, the configuration is performed Script, the digital certificate files is arranged on the specified location of H (e) NB.
In a kind of preferred embodiment of the embodiment of the present invention, the characteristic information sending module 603 can be with Including following submodule:
Characteristic information receiving submodule, for receiving the characteristic information that user inputs in the control;
Submodule is verified, for verifying whether the characteristic information meets preset rules;If it is not, then calling Prompting submodule, if so, then calling characteristic information sending submodule;
Prompting submodule, for generating prompt message, meets preset rules to point out user to re-enter Characteristic information;
Characteristic information sending submodule, for the characteristic information to be sent to server.
In a kind of preferred embodiment of the embodiment of the present invention, the client can also include following mould Block:
Confirmation receiving module, the user's confirmation returned for the reception server;
Confirmation display module, for user's confirmation to be presented into user;
Confirm directive generation module, sent really based on user's confirmation for user ought to be detected When recognizing operation, generation confirms instruction, and confirms that instruction is sent to server by described, and the server is used In confirming instruction according to described, the configuration file is called, numeral corresponding with the characteristic information is generated Certificate file.
For client embodiment, because it is substantially similar to above-mentioned embodiment of the method, so retouching That states is fairly simple, and the relevent part can refer to the partial explaination of embodiments of method.
Reference picture 7, shows a kind of structural frames of the server example of generation digital certificate of the present invention Figure, can specifically include following module:
Configuration file receiving module 701, the configuration file for receiving client transmission;
Characteristic information receiving module 702, for receiving client transmission, user shows in the client Control in the characteristic information that inputs;
Digital certificate generation module 703, for according to the characteristic information, calling the configuration file, Generation digital certificate files corresponding with the characteristic information;
Digital certificate sending module 704, for the digital certificate files to be returned into client.
In a kind of preferred embodiment of the embodiment of the present invention, the characteristic information at least includes:Need life Into digital certificate files Base Serial Number, and, it is necessary to generation digital certificate files quantity;
The digital certificate generation module 703 can include following submodule:
Certificates constructing submodule, for calling the configuration file, generation and the numeral for needing to generate The digital certificate files of the quantity respective amount of certificate file;
First numbering submodule, for the digital certificate files using the Base Serial Number as first generation Numbering;
Second numbering submodule, for based on the Base Serial Number, other to be named in the mode for numbering incremental The numbering of the digital certificate files of generation.
In a kind of preferred embodiment of the embodiment of the present invention, the server can also include following mould Block:
Confirmation generation module, for generating user's confirmation based on the characteristic information;
Confirmation sending module, for returning to user's confirmation, the client to client For user's confirmation to be presented into user, and user's confirmation letter is based on detecting user When ceasing the confirmation operation sent, generation confirms instruction, confirms that instruction is sent to server by described.
For server example, because it is substantially similar to above-mentioned embodiment of the method, so retouching That states is fairly simple, and the relevent part can refer to the partial explaination of embodiments of method.
Each embodiment in this specification is described by the way of progressive, and each embodiment is stressed Be all between difference with other embodiment, each embodiment identical similar part mutually referring to .
It should be understood by those skilled in the art that, the embodiment of the embodiment of the present invention can be provided as method, dress Put or computer program product.Therefore, the embodiment of the present invention can using complete hardware embodiment, completely The form of embodiment in terms of software implementation or combination software and hardware.Moreover, the embodiment of the present invention Can use can be situated between in one or more computers for wherein including computer usable program code with storage The computer journey that matter is implemented on (including but is not limited to magnetic disk storage, CD-ROM, optical memory etc.) The form of sequence product.
The embodiment of the present invention is with reference to method according to embodiments of the present invention, terminal device (system) and meter The flow chart and/or block diagram of calculation machine program product is described.It should be understood that can be by computer program instructions Each flow and/or square frame and flow chart and/or square frame in implementation process figure and/or block diagram The combination of flow and/or square frame in figure.Can provide these computer program instructions to all-purpose computer, The processor of special-purpose computer, Embedded Processor or other programmable data processing terminal equipments is to produce One machine so that pass through the computing devices of computer or other programmable data processing terminal equipments Instruction produce be used to realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or The device for the function of being specified in multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable datas to handle In the computer-readable memory that terminal device works in a specific way so that be stored in this computer-readable Instruction in memory, which is produced, includes the manufacture of command device, and command device realization is in flow chart one The function of being specified in flow or multiple flows and/or one square frame of block diagram or multiple square frames.
These computer program instructions can also be loaded into computer or other programmable data processing terminals are set It is standby upper so that series of operation steps is performed on computer or other programmable terminal equipments in terms of producing The processing that calculation machine is realized, so that the instruction performed on computer or other programmable terminal equipments provides use In realization in one flow of flow chart or multiple flows and/or one square frame of block diagram or multiple square frames The step of function of specifying.
Although having been described for the preferred embodiment of the embodiment of the present invention, those skilled in the art are once Basic creative concept is known, then other change and modification can be made to these embodiments.So, Appended claims are intended to be construed to include preferred embodiment and fall into the institute of range of embodiment of the invention Have altered and change.
Finally, in addition it is also necessary to explanation, herein, such as first and second or the like relational terms It is used merely to make a distinction an entity or operation with another entity or operation, and not necessarily requires Or imply between these entities or operation there is any this actual relation or order.Moreover, art Language " comprising ", "comprising" or any other variant thereof is intended to cover non-exclusive inclusion, so that Process, method, article or terminal device including a series of key elements not only include those key elements, and Also include other key elements for being not expressly set out, or also include for this process, method, article or The intrinsic key element of person's terminal device.In the absence of more restrictions, by sentence " including one It is individual ... " limit key element, it is not excluded that at the process including the key element, method, article or end Also there is other identical element in end equipment.
A kind of method, client and server for generating digital certificate provided by the present invention is carried out above It is discussed in detail, specific case used herein is explained to the principle and embodiment of the present invention State, the explanation of above example is only intended to the method and its core concept for helping to understand the present invention;Meanwhile, For those of ordinary skill in the art, according to the thought of the present invention, in embodiment and model is applied Place and will change, in summary, this specification content should not be construed as limiting the invention.

Claims (18)

1. a kind of method for generating digital certificate, it is characterised in that methods described includes:
When client receives the configuration file of user's input, the configuration file is sent to server In;
Show the control for input feature vector information in the client;
The characteristic information that user inputs in the control is received, and the characteristic information is sent to service Device, the server is used for according to the characteristic information, calls the configuration file, generation and the spy Reference ceases corresponding digital certificate files;
Receive the digital certificate files that the server is returned.
2. according to the method described in claim 1, it is characterised in that the characteristic information at least includes: Need the Base Serial Number of the digital certificate files of generation, and, it is necessary to the number of the digital certificate files of generation Amount.
3. method according to claim 2, it is characterised in that also include:
The digital certificate files are distributed in the designated entities object of respective amount respectively.
4. method according to claim 3, it is characterised in that the designated entities object includes Home eNodeB H (e) NB;The digital certificate files that the server is returned are compressed file, the compression File includes multiple digital certificate files and corresponding configuration file;
It is described that the digital certificate files are distributed to the step in the designated entities object of respective amount respectively Suddenly include:
The compressed file is decompressed, multiple digital certificate files and corresponding configuration file is obtained, it is described to match somebody with somebody Putting file includes configuration script;
The multiple digital certificate files and corresponding configuration file are uploaded to corresponding H (e) NB respectively Board in, in the board of H (e) NB, perform the configuration script, the numeral demonstrate,proved Written matter is arranged on the specified location of H (e) NB.
5. the method according to claim any one of 1-4, it is characterised in that the reception user The characteristic information inputted in the control, and wrap the step of the characteristic information is sent to server Include:
Receive the characteristic information that user inputs in the control;
Verify whether the characteristic information meets preset rules;
If it is not, then generating prompt message, the characteristic information of preset rules is met to point out user to re-enter;
If so, then the characteristic information is sent to server.
6. the method according to claim any one of 1-4, it is characterised in that used in described receive The characteristic information that family is inputted in the control, and by the characteristic information send to the step of server it Afterwards, in addition to:
User's confirmation that the reception server is returned;
User's confirmation is presented to user;
When detecting the confirmation operation that user is sent based on user's confirmation, generation confirmation refers to Order, and confirm that instruction is sent to server by described, the server is used to confirm instruction according to described, The configuration file is called, digital certificate files corresponding with the characteristic information are generated.
7. a kind of method for generating digital certificate, it is characterised in that methods described includes:
Receive the configuration file that client is sent;
Receive what client was sent, the characteristic information inputted in the control that user shows in the client;
According to the characteristic information, the configuration file is called, number corresponding with the characteristic information is generated Word certificate file;
The digital certificate files are returned into client.
8. method according to claim 7, it is characterised in that the characteristic information at least includes: Need the Base Serial Number of the digital certificate files of generation, and, it is necessary to the number of the digital certificate files of generation Amount;
It is described to call the configuration file according to the characteristic information, generate corresponding with the characteristic information Digital certificate files the step of include:
The configuration file is called, number corresponding with the quantity of the digital certificate files for needing to generate is generated The digital certificate files of amount;
The numbering of the digital certificate files of first generation is used as using the Base Serial Number;
Based on the Base Serial Number, other digital certificate files generated are named to number incremental mode Numbering.
9. the method according to claim 7 or 8, it is characterised in that described according to the spy Reference ceases, and calls the configuration file, generates the step of digital certificate files corresponding with the characteristic information Before rapid, in addition to:
User's confirmation is generated based on the characteristic information;
User's confirmation is returned to client, the client is used for user's confirmation User is presented to, and when detecting the confirmation operation that user is sent based on user's confirmation, it is raw Into instruction is confirmed, confirm that instruction is sent to server by described.
10. a kind of client for generating digital certificate, it is characterised in that the client includes:
Configuration file sending module, for when receiving the configuration file of user's input, by the configuration File is sent into server;
Control exposure module, for showing the control for input feature vector information in the client;
Characteristic information sending module, for receiving the characteristic information that user inputs in the control, and will The characteristic information is sent to server, and the server is used for according to the characteristic information, is called described Configuration file, generates digital certificate files corresponding with the characteristic information;
Digital certificate receiving module, for receiving the digital certificate files that the server is returned.
11. client according to claim 10, it is characterised in that the characteristic information is at least Including:Need the Base Serial Number of the digital certificate files of generation, and, it is necessary to the digital certificate text of generation The quantity of part.
12. client according to claim 11, it is characterised in that also include:
Distribution module, the designated entities pair for the digital certificate files to be distributed to respective amount respectively As in.
13. client according to claim 12, it is characterised in that the designated entities object Including Home eNodeB H (e) NB;The digital certificate files that the server is returned are compressed file, described Compressed file includes multiple digital certificate files and corresponding configuration file;
The distribution module includes:
Submodule is decompressed, for decompressing the compressed file, multiple digital certificate files are obtained and corresponding Configuration file, the configuration file includes configuration script;
Certificate uploads submodule, for respectively by the multiple digital certificate files and corresponding configuration file In the board for being uploaded to corresponding H (e) NB, in the board of H (e) NB, the configuration is performed Script, the digital certificate files is arranged on the specified location of H (e) NB.
14. the client according to claim any one of 10-13, it is characterised in that the feature Information sending module includes:
Characteristic information receiving submodule, for receiving the characteristic information that user inputs in the control;
Submodule is verified, for verifying whether the characteristic information meets preset rules;If it is not, then calling Prompting submodule, if so, then calling characteristic information sending submodule;
Prompting submodule, for generating prompt message, meets preset rules to point out user to re-enter Characteristic information;
Characteristic information sending submodule, for the characteristic information to be sent to server.
15. the client according to claim any one of 10-13, it is characterised in that also include:
Confirmation receiving module, the user's confirmation returned for the reception server;
Confirmation display module, for user's confirmation to be presented into user;
Confirm directive generation module, sent really based on user's confirmation for user ought to be detected When recognizing operation, generation confirms instruction, and confirms that instruction is sent to server by described, and the server is used In confirming instruction according to described, the configuration file is called, numeral corresponding with the characteristic information is generated Certificate file.
16. a kind of server for generating digital certificate, it is characterised in that the server includes:
Configuration file receiving module, the configuration file for receiving client transmission;
Characteristic information receiving module, for receiving client transmission, the control that user shows in the client The characteristic information inputted in part;
Digital certificate generation module, for according to the characteristic information, calling the configuration file, generation Digital certificate files corresponding with the characteristic information;
Digital certificate sending module, for the digital certificate files to be returned into client.
17. server according to claim 16, it is characterised in that the characteristic information is at least Including:Need the Base Serial Number of the digital certificate files of generation, and, it is necessary to the digital certificate text of generation The quantity of part;
The digital certificate generation module includes:
Certificates constructing submodule, for calling the configuration file, generation and the numeral for needing to generate The digital certificate files of the quantity respective amount of certificate file;
First numbering submodule, for the digital certificate files using the Base Serial Number as first generation Numbering;
Second numbering submodule, for based on the Base Serial Number, other to be named in the mode for numbering incremental The numbering of the digital certificate files of generation.
18. the server according to claim 16 or 17, it is characterised in that also include:
Confirmation generation module, for generating user's confirmation based on the characteristic information;
Confirmation sending module, for returning to user's confirmation, the client to client For user's confirmation to be presented into user, and user's confirmation letter is based on detecting user When ceasing the confirmation operation sent, generation confirms instruction, confirms that instruction is sent to server by described.
CN201610244156.3A 2016-04-19 2016-04-19 A kind of method, client and server generating digital certificate Active CN107306182B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610244156.3A CN107306182B (en) 2016-04-19 2016-04-19 A kind of method, client and server generating digital certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610244156.3A CN107306182B (en) 2016-04-19 2016-04-19 A kind of method, client and server generating digital certificate

Publications (2)

Publication Number Publication Date
CN107306182A true CN107306182A (en) 2017-10-31
CN107306182B CN107306182B (en) 2019-11-22

Family

ID=60152227

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610244156.3A Active CN107306182B (en) 2016-04-19 2016-04-19 A kind of method, client and server generating digital certificate

Country Status (1)

Country Link
CN (1) CN107306182B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112019339A (en) * 2019-05-31 2020-12-01 西安理邦科学仪器有限公司 Automatic digital certificate distribution method and device
CN114615309A (en) * 2022-01-18 2022-06-10 奇安信科技集团股份有限公司 Client access control method, device and system, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101388771A (en) * 2007-09-10 2009-03-18 捷德(中国)信息科技有限公司 Method and system for downloading digital certificate
US20110047374A1 (en) * 2009-08-12 2011-02-24 General Instrument Corporation Method and apparatus for a configurable online public key infrastructure (pki) management system
US20140351581A1 (en) * 2013-05-21 2014-11-27 Cisco Technology, Inc. Revocation of Public Key Infrastructure Signatures
CN104683107A (en) * 2015-02-28 2015-06-03 深圳市思迪信息技术有限公司 Digital certificate storage method and device, and digital signature method and device
CN105007277A (en) * 2015-07-30 2015-10-28 浪潮电子信息产业股份有限公司 Method for generating user certificate and web application

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101388771A (en) * 2007-09-10 2009-03-18 捷德(中国)信息科技有限公司 Method and system for downloading digital certificate
US20110047374A1 (en) * 2009-08-12 2011-02-24 General Instrument Corporation Method and apparatus for a configurable online public key infrastructure (pki) management system
US20140351581A1 (en) * 2013-05-21 2014-11-27 Cisco Technology, Inc. Revocation of Public Key Infrastructure Signatures
CN104683107A (en) * 2015-02-28 2015-06-03 深圳市思迪信息技术有限公司 Digital certificate storage method and device, and digital signature method and device
CN105007277A (en) * 2015-07-30 2015-10-28 浪潮电子信息产业股份有限公司 Method for generating user certificate and web application

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
单学勇等: "《财税管理实验教程》", 30 September 2009 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112019339A (en) * 2019-05-31 2020-12-01 西安理邦科学仪器有限公司 Automatic digital certificate distribution method and device
CN112019339B (en) * 2019-05-31 2024-02-27 西安理邦科学仪器有限公司 Automatic distribution method and device for digital certificates
CN114615309A (en) * 2022-01-18 2022-06-10 奇安信科技集团股份有限公司 Client access control method, device and system, electronic equipment and storage medium
CN114615309B (en) * 2022-01-18 2024-03-15 奇安信科技集团股份有限公司 Client access control method, device, system, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN107306182B (en) 2019-11-22

Similar Documents

Publication Publication Date Title
CN103797832B (en) The wireless communication established using concurrent re-authentication and connection
CN107852407A (en) Unified certification for integration of compact cell and Wi Fi networks
US10791106B2 (en) Digital credential with embedded authentication instructions
CN106465120A (en) Method and nodes for integrating networks
CN107667554A (en) Decentralized configuration device entity
CN106537944A (en) Associating a device with another device's network subscription
CN108781216A (en) Method and apparatus for network insertion
CN105101194A (en) Terminal security authentication method, device and system
CN103688563A (en) Performing a group authentication and key agreement procedure
EP3944649A1 (en) Verification method, apparatus, and device
CN106375989A (en) Method for realizing access layer security, user equipment, and small radio access network node
CN107529160A (en) A kind of VoWiFi method for network access and system, terminal and wireless access points equipment
CN106972974A (en) The Web network management systems and its terminal authentication method of a kind of electric power LTE wireless terminals
CN109788474A (en) A kind of method and device of message protection
CN106203021B (en) A kind of more certification modes are integrated to apply login method and system
WO2021227866A1 (en) Network authentication method and apparatus, and system
US11540125B2 (en) Authentication device, network device, communication system, authentication method, and non-transitory computer readable medium
Baldo et al. A new model for the simulation of the LTE-EPC data plane
CN106302345B (en) A kind of terminal authentication method and device
CN109788480A (en) A kind of communication means and device
CN109479193A (en) Communication system, subscriber information managing equipment, information acquisition method, non-transitory computer-readable medium and communication terminal
CN109803262A (en) A kind of transmission method and device of network parameter
CN109391937A (en) Acquisition methods, equipment and the system of public key
CN107735980A (en) The configuration and certification of wireless device
CN112929876B (en) Data processing method and device based on 5G core network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant