CN107580000A - Digital certificate authentication method and device - Google Patents

Publication number: CN107580000A
Authority: CN (China)
Prior art keywords: certification, server, authentication information, terminal, service request
Legal status: Pending
Application number: CN201710984018.3A
Other languages: Chinese (zh)
Inventors: 何丰宇, 付鹏飞, 胡铭德, 孙浩然, 宋探
Current Assignee: Beijing Knownsec Information Technology Co Ltd
Original Assignee: Beijing Knownsec Information Technology Co Ltd
Landscapes: Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention provides a digital certificate authentication method and device, and relates to the technical field of electronic banking security. The method and device obtain first authentication information sent by a server, where the first authentication information is generated by the server according to a service request that a target user terminal sends for a target user account, and includes information about the target user account; authenticate the first authentication information according to a digital certificate stored in advance in the authentication terminal, to determine whether the information of the account corresponding to the target user terminal is valid; and, when the first authentication information passes authentication, send an authentication-passed instruction to the server so that the server responds to the service request. The scheme allows multiple digital certificates to be deployed centrally on the authentication terminal, which verifies the validity of user accounts. This reduces operation and maintenance difficulty and also helps improve the user's level of financial security.

Description

Digital certificate authentication method and device
Technical field
The present invention relates to the technical field of electronic banking security, and in particular to a digital certificate authentication method and device.
Background
With the development of e-commerce and internet finance, e-commerce and internet finance companies often have electronic interfaces with multiple banks. For example, the U-shields provided by all of the banks must be plugged directly into the USB interfaces of a communication host held by the enterprise. The number of USB interfaces on the host is limited, which makes redundant deployment difficult. The communication host is typically deployed in the machine room of the enterprise's Internet Data Center (IDC), so adding or replacing a U-shield requires going to the machine room, which makes maintenance inconvenient for internet finance companies. In addition, a U-shield in an IDC machine room is easily unplugged and lost, which increases the risk to the security of the enterprise's funds.
Summary of the invention
To overcome the above deficiencies of the prior art, the present invention provides a digital certificate authentication method and device that allow digital certificates to be deployed centrally, reduce operation and maintenance difficulty, and improve the level of financial security of the enterprise, thereby solving the above problems.
To achieve this, the technical solutions provided by the preferred embodiments of the present invention are as follows:
A preferred embodiment of the present invention provides a digital certificate authentication method, applied to an authentication terminal communicatively connected to a server, where the server is communicatively connected to a user terminal and the authentication terminal is associated with at least one user account. The method includes:
Obtaining first authentication information sent by the server, where the first authentication information is generated by the server according to a service request that a target user terminal sends for a target user account, and the first authentication information includes information about the target user account;
Authenticating the first authentication information according to at least one digital certificate stored in advance in the authentication terminal, to determine whether the information of the account corresponding to the target user terminal is valid;
When the first authentication information passes authentication, sending an authentication-passed instruction to the server, so that the server responds to the service request.
In a preferred embodiment of the present invention, the above method further includes:
When the first authentication information fails authentication, sending an authentication-failed instruction to the server, so that the server stops responding to the service request.
In a preferred embodiment of the present invention, the above method further includes:
Obtaining execution data corresponding to the service request, where the execution data includes at least one of a remittance/transfer amount, a remittance/transfer time, and a remittance/transfer recipient;
Recording and displaying the execution data.
In a preferred embodiment of the present invention, the above step of sending an authentication-passed instruction to the server when the first authentication information passes authentication, so that the server responds to the service request, includes:
When the first authentication information passes authentication, receiving a first trigger signal and generating the authentication-passed instruction according to the first trigger signal, where the authentication-passed instruction includes a first control instruction for making the server respond to the service request;
Sending the first control instruction to the server, so that the server responds to the service request.
In a preferred embodiment of the present invention, the above step of sending an authentication-passed instruction to the server when the first authentication information passes authentication, so that the server responds to the service request, includes:
When the first authentication information passes authentication, receiving a second trigger signal and generating the authentication-passed instruction according to the second trigger signal, where the authentication-passed instruction includes a second control instruction for making the server stop responding to the service request;
Sending the second control instruction to the server, so that the server stops responding to the service request.
In a preferred embodiment of the present invention, the above step of sending the second control instruction to the server, so that the server stops responding to the service request, includes:
According to the second control instruction that was sent, making the server disconnect the communication connection between the server and the user terminal.
In a preferred embodiment of the present invention, before the above step of authenticating the first authentication information according to at least one digital certificate stored in advance in the authentication terminal, the method further includes:
Receiving second authentication information, and verifying the second authentication information against authentication information stored in advance in the authentication terminal;
After the second authentication information passes verification, storing at least one digital certificate corresponding to an account of the user terminal in the authentication terminal, where one digital certificate is associated with the identity information of one account on the user terminal.
A preferred embodiment of the present invention also provides a digital certificate authentication device, applied to an authentication terminal communicatively connected to a server, where the server is communicatively connected to a user terminal and the authentication terminal is associated with at least one user account. The digital certificate authentication device includes:
A first acquisition unit, configured to obtain first authentication information sent by the server, where the first authentication information is generated by the server according to a service request that a target user terminal sends for a target user account, and the first authentication information includes information about the target user account;
An authentication determination unit, configured to authenticate the first authentication information according to at least one digital certificate stored in advance in the authentication terminal, to determine whether the information of the account corresponding to the target user terminal is valid;
A sending execution unit, configured to send an authentication-passed instruction to the server when the first authentication information passes authentication, so that the server responds to the service request.
In a preferred embodiment of the present invention, the above digital certificate authentication device further includes:
A second acquisition unit, configured to obtain execution data corresponding to the service request, where the execution data includes at least one of a remittance/transfer amount, a remittance/transfer time, and a remittance/transfer recipient;
A recording and display unit, configured to record and display the execution data.
In a preferred embodiment of the present invention, the above sending execution unit is further configured to:
When the first authentication information passes authentication, receive a first trigger signal and generate the authentication-passed instruction according to the first trigger signal, where the authentication-passed instruction includes a first control instruction for making the server respond to the service request;
Send the first control instruction to the server, so that the server responds to the service request.
Compared with the prior art, the digital certificate authentication method and device provided by the present invention have at least the following beneficial effects. The method and device obtain first authentication information sent by a server, where the first authentication information is generated by the server according to a service request that a target user terminal sends for a target user account, and includes information about the target user account; authenticate the first authentication information according to a digital certificate stored in advance in the authentication terminal, to determine whether the information of the account corresponding to the target user terminal is valid; and, when the first authentication information passes authentication, send an authentication-passed instruction to the server so that the server responds to the service request. The scheme allows multiple digital certificates to be deployed centrally on the authentication terminal, which verifies the validity of user accounts. This reduces operation and maintenance difficulty and also helps improve the user's level of financial security.
To make the above objects, features and advantages of the present invention clearer, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings required by the embodiments are briefly described below. It should be understood that the following drawings show only certain embodiments of the present invention and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 is a schematic diagram of the interaction among the authentication terminal, server and user terminal provided by a preferred embodiment of the present invention.
Fig. 2 is a block diagram of the authentication terminal provided by a preferred embodiment of the present invention.
Fig. 3 is the first flow chart of the digital certificate authentication method provided by a preferred embodiment of the present invention.
Fig. 4 is the second flow chart of the digital certificate authentication method provided by a preferred embodiment of the present invention.
Fig. 5 is the first block diagram of the digital certificate authentication device provided by a preferred embodiment of the present invention.
Fig. 6 is the second block diagram of the digital certificate authentication device provided by a preferred embodiment of the present invention.
Reference numerals: 10-authentication terminal; 11-processing unit; 12-communication unit; 13-storage unit; 20-server; 30-user terminal; 40-network; 100-digital certificate authentication device; 110-first acquisition unit; 120-authentication determination unit; 130-sending execution unit; 140-second acquisition unit; 150-recording and display unit.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are obviously only some of the embodiments of the present invention, not all of them. The components of the embodiments, as generally described and illustrated in the drawings, can be arranged and designed in a variety of configurations.
Therefore, the following detailed description of the embodiments provided in the drawings is not intended to limit the scope of the claimed invention, but merely represents selected embodiments. All other embodiments that those skilled in the art obtain from these embodiments without creative effort fall within the scope of protection of the present invention.
It should be noted that similar reference numerals and letters denote similar items in the following drawings, so once an item is defined in one drawing it need not be defined or explained again in subsequent drawings. In addition, terms such as "first" and "second" are used only to distinguish descriptions and are not to be understood as indicating or implying relative importance.
Some embodiments of the present invention are described in detail below with reference to the drawings. Where they do not conflict, the following embodiments and the features in them can be combined with one another.
Refer to Fig. 1, a schematic diagram of the interaction among the authentication terminal 10, server 20 and user terminal 30 provided by a preferred embodiment of the present invention. In this embodiment, at least one authentication terminal 10 can be communicatively connected to the server 20 through the network 40 to exchange data with it. The server 20 can be communicatively connected to at least one user terminal 30 through the network 40 to exchange data with it. In addition, the authentication terminal 10 can also communicate with the user terminal 30 through the network 40 to exchange data. Each of these communication connections can be made over a virtual private network (VPN) or over a network 40 connected in another reliable manner; no specific limitation is imposed here.
Understandably, the authentication terminal 10, server 20, user terminal 30 and network 40 can form an authentication system, which can verify the information of at least one user account. Each user terminal 30 can be configured with (or store) one or more user accounts.
Refer to Fig. 2, a block diagram of the authentication terminal 10 provided by a preferred embodiment of the present invention. In this embodiment, the authentication terminal 10 can be a device or piece of equipment independent of the server 20 and the user terminal 30. The authentication terminal 10 held by a user or enterprise can be obtained from an authoritative institution (such as a bank). The authentication terminal 10 can include a processing unit 11, a communication unit 12, a storage unit 13 and a digital certificate authentication device 100. The processing unit 11, communication unit 12, storage unit 13 and digital certificate authentication device 100 are electrically connected to one another, directly or indirectly, to transmit or exchange data. For example, these elements can be electrically connected to each other through one or more communication buses or signal lines.
The processing unit 11 can be a processor. For example, the processor can be a central processing unit (CPU), a network processor (NP), a graphics processing unit (GPU), and so on; it can also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention.
The communication unit 12 is used to establish, through the network 40, the communication connection between the authentication terminal 10 and the server 20 or between the authentication terminal 10 and the user terminal 30, and to send and receive data over the network 40.
The storage unit 13 may be, but is not limited to, random access memory, read-only memory, programmable read-only memory, erasable programmable read-only memory, electrically erasable programmable read-only memory, and so on. In this embodiment, the storage unit 13 can be used to store digital certificates, digital certificate controls, information associated with at least one user account, and so on. The memory can of course also store a program, which the processing unit 11 executes after receiving an execution instruction.
Optionally, the authentication terminal 10 can also include a display unit, which may be, but is not limited to, a liquid crystal display or a touch display. It can be used to display the execution data that corresponds to the server 20 responding to the service request sent by the user terminal 30. The execution data includes, but is not limited to, at least one of a remittance/transfer amount, a remittance/transfer time, and a remittance/transfer recipient.
Further, the digital certificate authentication device 100 includes at least one software function module that can be stored in the storage unit 13 in the form of software or firmware, or built into the authentication terminal 10. The processing unit 11 is used to execute the executable modules stored in the storage unit 13, such as the software function modules and computer programs included in the digital certificate authentication device 100.
It can be understood that the structure shown in Fig. 2 is only one schematic structure of the authentication terminal 10, which can include more or fewer components than shown in Fig. 2. Each component shown in Fig. 2 can be implemented in hardware, software or a combination of the two.
In this embodiment, the server 20 is associated with the relevant services of a financial institution (such as a bank) and can respond to service requests sent for a user account, so that the user account can perform the related business operations. Understandably, the server 20 is held by the financial institution. The business operations include, but are not limited to, transfers, remittances, and changes to permissions or passwords. Optionally, the server 20 may be, but is not limited to, a cloud server, a cluster server, a distributed server, and so on.
In this embodiment, the user terminal 30 may be, but is not limited to, a smartphone, a personal computer (PC), a tablet computer, a personal digital assistant (PDA), a mobile Internet device (MID), and so on. The network 40 may be, but is not limited to, a wired network or a wireless network. For example, an operator can use the keyboard and mouse of a PC to connect the PC to the server 20, and can perform a transfer operation after authentication by the authentication terminal 10 passes.
Refer to Fig. 3, the first flow chart of the digital certificate authentication method provided by a preferred embodiment of the present invention. The preferred embodiment provides a digital certificate authentication method that can be applied to the above authentication terminal 10 communicatively connected to the server 20, where the authentication terminal 10 is associated with at least one user account. In this method, at least one digital certificate is stored (or deployed) in the authentication terminal 10, and the authentication terminal 10 verifies the information of the user account. Compared with the prior art, in which multiple U-shields must be plugged into the USB interfaces of a communication host, this simplifies the deployment of digital certificates, solves the prior-art problem of redundant deployment of bank communication interface machines, and makes the authentication system easier to operate and maintain.
The specific flow and steps of the digital certificate authentication method shown in Fig. 3 are described in detail below. In this embodiment, the digital certificate authentication method may include the following steps:
Step S210: obtain the first authentication information sent by the server 20, where the first authentication information is generated by the server 20 according to a service request that a target user terminal sends for a target user account, and the first authentication information includes information about the target user account.
In this embodiment, before step S210 is performed, the target user terminal corresponding to the target user account sends the server 20 a service request for the target user account. After receiving the service request, the server 20 sends the authentication terminal 10 the first authentication information generated according to that request. Understandably, the target user account is the user account on which an operation is currently being performed, and the target user terminal is the user terminal 30 corresponding to the target user account.
Optionally, the authentication terminal 10 can store in advance the user account information associated with the user terminal 30. The first authentication information can also include information about the target user terminal, which can be used to verify whether the target user account and the target user terminal correspond to each other; when they do, the information of the target user account passes verification.
Step S220: authenticate the first authentication information according to at least one digital certificate stored in advance in the authentication terminal 10, to determine whether the information of the account corresponding to the target user terminal is valid.
In this embodiment, the method uses the digital certificate stored in the authentication terminal 10 to authenticate the first authentication information and so determine whether the target user account corresponds to a digital certificate in the authentication terminal 10. If it does, the information of the account corresponding to the target user terminal is valid; otherwise, that information is invalid.
Optionally, before step S210 or step S220, the method can also include receiving second authentication information and verifying it against authentication information stored in advance in the authentication terminal 10; after the second authentication information passes verification, at least one digital certificate corresponding to an account of the user terminal 30 is stored in the authentication terminal 10, where one digital certificate is associated with the identity information of one account on the user terminal 30.
Understandably, if the authentication terminal 10 holds no digital certificate, or the user needs to add to the authentication terminal 10 a digital certificate corresponding to another user account, authorization must be obtained before a digital certificate can be imported into the authentication terminal 10. The second authentication information can be obtained directly or indirectly through the authentication terminal 10.
For example, the second authentication information is password information entered manually through the user terminal 30, or it is biometric information of the target user collected by the user terminal 30, including information such as face, pupil, voice and fingerprint. The user terminal 30 then sends this authentication information to the authentication terminal 10 for verification. Of course, numeric keys or other acquisition modules, such as a camera, microphone or fingerprint reader, can be provided on the authentication terminal 10 to collect the target user's face (pupil), voice and fingerprint information respectively. That is, the target user can also generate the second authentication information directly through the authentication terminal 10.
By verifying the second authentication information, the method stores a digital certificate in the authentication terminal 10 only when the target user has obtained authorization, which prevents unauthorized users from importing digital certificates. In other words, the method further raises the level of authentication security of the authentication terminal 10, which helps improve the level of financial security of the user or enterprise.
It is worth noting that performing step S210 or step S220 can also include a step of determining whether a digital certificate is stored in the authentication terminal 10. If the authentication terminal 10 holds no digital certificate, a prompt is issued so that the user imports the corresponding digital certificate into the authentication terminal 10 through the user terminal 30 or another device; if the authentication terminal 10 does hold a digital certificate, the corresponding step S210 or step S220 is carried out. Preferably, the authentication terminal 10 can only import digital certificates and cannot export them, so that the security and reliability of authentication are not reduced by a digital certificate being replaced.
Step S230: when the first authentication information passes authentication, send an authentication-passed instruction to the server 20, so that the server 20 responds to the service request.
Understandably, if the first authentication information passes, the authentication terminal 10 sends the authentication-passed instruction to the server 20, and the server 20 responds to the service request sent by the user terminal 30 according to that instruction in order to perform the corresponding operation (for example a remittance or a transfer).
Optionally, step S230 can specifically include: when the first authentication information passes authentication, receiving a first trigger signal and generating the authentication-passed instruction according to the first trigger signal, where the authentication-passed instruction includes a first control instruction for making the server 20 respond to the service request; and sending the first control instruction to the server 20, so that the server 20 responds to the service request.
In other embodiments, step S230 can specifically include: when the first authentication information passes authentication, receiving a second trigger signal and generating the authentication-passed instruction according to the second trigger signal, where the authentication-passed instruction includes a second control instruction for making the server 20 stop responding to the service request; and sending the second control instruction to the server 20, so that the server 20 stops responding to the service request.
It is worth noting that if the authentication terminal 10 receives neither the first trigger signal nor the second trigger signal within a preset time period after the first authentication information passes authentication, it can send the second control instruction to the server 20, so that the server 20 stops responding to the service request.
Here, the first trigger signal and the second trigger signal can be the different authentication-passed instructions formed by manually operating a button or touch screen on the authentication terminal 10. Understandably, the first trigger signal corresponds to the first control instruction and is used to make the server 20 respond to the service request, so that the user terminal 30 can perform business operations such as remittances and transfers. The second trigger signal corresponds to the second control instruction and is used to make the server 20 stop responding to the service request, which prevents the user terminal 30 from performing business operations such as remittances and transfers. That is, for the same user terminal 30, only one of these two operations can be performed at any one time.
For example, in an enterprise, the chief financial officer can hold the authentication terminal 10. If an accountant needs to use the business account to send an outbound remittance, the user terminal 30 corresponding to the business account sends a service request to the server 20, and the server 20 generates the first authentication information according to that request. After the first authentication information passes authentication by the authentication terminal 10, the authentication terminal 10 can display a prompt asking whether to confirm the outbound remittance. The chief financial officer can manually choose to confirm the outbound remittance, in which case the server 20 responds to the service request and the business account remits to the other account; or the chief financial officer can manually choose to refuse the outbound remittance, in which case the server 20 stops responding to the service request, which prevents the remittance the accountant attempted through the user terminal 30.
In addition, in the prior art, an enterprise accountant usually has to collect the U-shield from the chief financial officer to obtain permission for a business operation, and the U-shield is easily lost during the handover. The authentication terminal 10 of the present invention can be kept in a fixed location, as long as it is deployed on a TCP/IP network (the network 40) reachable from the server 20 (or the bank interface machine), which avoids the security risk caused by loss of the digital certificate.
As another example, for an elderly person, a relative can hold the authentication terminal 10. If the elderly person needs to make an outbound transfer, the relative holding the authentication terminal 10 must confirm the transfer on the authentication terminal 10 before the transfer can go ahead. The implementation is the same as in the enterprise scenario and is not repeated here.
Optionally, the step of sending the second control instruction to the server 20, so that the server 20 stops responding to the service request, may further include: according to the sent second control instruction, causing the server 20 to disconnect the communication connection between the server 20 and the user terminal 30, so as to prevent the user from performing business operations such as transfer and remittance through the user terminal 30.
In this embodiment, the method requires a confirmation on the certification terminal 10 before the server 20 responds to the service request, which further improves the reliability and security of authentication by the certification terminal 10 and thus further improves the security of the user's or the enterprise's funds.
Optionally, the method further includes: when the first authentication information fails authentication, sending an authentication-not-passed instruction to the server 20, so that the server 20 stops responding to the service request.
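The decision flow described in the preceding paragraphs (authentication result, the two manual trigger signals, and the timeout that falls back to the second control instruction), as an added Python example that is not part of the patent text. The class and method names, the 60-second default for the preset time period, and the account lookup standing in for certificate verification are all assumptions.

```python
import time
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple


class Instruction(Enum):
    AUTH_NOT_PASSED = "authentication not passed"
    FIRST_CONTROL = "first control instruction: respond to the service request"
    SECOND_CONTROL = "second control instruction: stop responding"


class Trigger(Enum):
    FIRST = 1    # operator confirms on the terminal's button or touch screen
    SECOND = 2   # operator refuses


@dataclass
class Pending:
    account: str
    passed_at: float                       # when authentication passed
    decision: Optional[Instruction] = None


class CertificationTerminal:
    """Hypothetical model of the terminal's decision logic (names assumed)."""

    def __init__(self, certs: Dict[str, str], timeout_s: float = 60.0,
                 clock: Callable[[], float] = time.monotonic):
        self.certs = dict(certs)      # account -> certificate label (constructed)
        self.timeout_s = timeout_s    # the "preset time period"; value assumed
        self.clock = clock
        self.pending: Dict[str, Pending] = {}
        self.sent: List[Tuple[str, str, Instruction]] = []  # sent to server

    def _send(self, request_id: str, account: str, ins: Instruction) -> Instruction:
        self.sent.append((request_id, account, ins))
        return ins

    def on_first_auth_info(self, request_id: str, account: str) -> Optional[Instruction]:
        # Assumption: "authentication" is modelled as "a certificate is stored
        # for this account"; the page does not specify the verification itself.
        if account not in self.certs:
            return self._send(request_id, account, Instruction.AUTH_NOT_PASSED)
        self.pending[request_id] = Pending(account, self.clock())
        return None                   # passed; now wait for a manual trigger

    def _expired(self, p: Pending) -> bool:
        return self.clock() - p.passed_at >= self.timeout_s

    def on_trigger(self, request_id: str, trigger: Trigger) -> Instruction:
        p = self.pending[request_id]  # unknown request ids raise KeyError
        if p.decision is None:        # only one of the two operations per request
            if self._expired(p) or trigger is Trigger.SECOND:
                p.decision = Instruction.SECOND_CONTROL
            else:
                p.decision = Instruction.FIRST_CONTROL
            self._send(request_id, p.account, p.decision)
        return p.decision

    def expire(self) -> List[str]:
        """Fail closed: undecided requests past the timeout get SECOND_CONTROL."""
        expired = []
        for rid, p in self.pending.items():
            if p.decision is None and self._expired(p):
                p.decision = Instruction.SECOND_CONTROL
                self._send(rid, p.account, p.decision)
                expired.append(rid)
        return expired
```

A late confirmation is treated the same as a refusal, so an unattended terminal can never cause the server to respond to a request.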
Please refer to Fig. 4, which is the second schematic flowchart of the digital certificate authentication method provided by a preferred embodiment of the present invention. In this embodiment, the method may further include step S240 and step S250.
Step S240: obtain execution data corresponding to the service request, the execution data including at least one of a remittance/transfer amount, a remittance/transfer time, and a remittance/transfer object.
Step S250: record and display the execution data.
Understandably, the execution data may be obtained directly from the user terminal 30 or from the server 20. The execution data may also include other data, for example the time at which a digital certificate was newly imported, or the time at which the authentication information pre-stored in the certification terminal 10 was changed, which are not detailed here. By recording and displaying the execution data, the method helps the user view current and historical business records and makes it easy for the relevant personnel to check whether a business operation is correct. This strengthens real-time monitoring of fund flows and in turn improves the accuracy and reliability with which the certification terminal 10 authenticates business operations.
Please refer to Fig. 5, which is the first block diagram of the digital certificate authentication device 100 provided by a preferred embodiment of the present invention. The digital certificate authentication device 100 provided by the present invention can be applied to the digital certificate authentication method described above. By deploying digital certificates centrally in the certification terminal 10, it simplifies the deployment of digital certificates and makes the authentication system easier to maintain. That is, as long as the certification terminal 10 is located at any position reachable over the network 40 between the user terminal 30 and the server 20, it can authenticate user account information and confirm the business operation to be performed, which lowers the requirements on the network environment for deploying digital certificates. The digital certificate authentication device 100 may include a first acquisition unit 110, an authentication determination unit 120 and a sending execution unit 130.
The first acquisition unit 110 is configured to obtain the first authentication information sent by the server 20, wherein the first authentication information is generated by the server 20 according to a service request sent by a target user terminal for a target user account, and the first authentication information includes information of the target user account. Specifically, the first acquisition unit 110 may be used to perform step S210 shown in Fig. 3; for the operations performed, refer to the detailed description of step S210, which is not repeated here.
The authentication determination unit 120 is configured to authenticate the first authentication information according to at least one digital certificate pre-stored in the certification terminal 10, to judge whether the information of the account corresponding to the target user terminal is valid. Specifically, the authentication determination unit 120 may be used to perform step S220 shown in Fig. 3; for the operations performed, refer to the detailed description of step S220, which is not repeated here.
The sending execution unit 130 is configured to send an authentication-passed instruction to the server 20 when the first authentication information passes authentication, so that the server 20 responds to the service request.
Further, the sending execution unit 130 is also configured to: when the first authentication information passes authentication, receive a first trigger signal and generate the authentication-passed instruction according to the first trigger signal, the authentication-passed instruction including a first control instruction for making the server 20 respond to the service request; and send the first control instruction to the server 20, so that the server 20 responds to the service request.
Specifically, the sending execution unit 130 may be used to perform step S230 shown in Fig. 3; for the operations performed, refer to the detailed description of step S230, which is not repeated here.
Please refer to Fig. 6, which is the second block diagram of the digital certificate authentication device 100 provided by a preferred embodiment of the present invention. Optionally, the digital certificate authentication device 100 may further include a second acquisition unit 140 and a recording and display unit 150.
The second acquisition unit 140 is configured to obtain execution data corresponding to the service request, the execution data including at least one of a remittance/transfer amount, a remittance/transfer time, and a remittance/transfer object. Specifically, the second acquisition unit 140 may be used to perform step S240 shown in Fig. 4; for the operations performed, refer to the detailed description of step S240, which is not repeated here.
The recording and display unit 150 is configured to record and display the execution data. Specifically, the recording and display unit 150 may be used to perform step S250 shown in Fig. 4; for the operations performed, refer to the detailed description of step S250, which is not repeated here.
In summary, the present invention provides a digital certificate authentication method and device. The method and device obtain the first authentication information sent by the server, wherein the first authentication information is generated by the server according to a service request sent by a target user terminal for a target user account, and the first authentication information includes information of the target user account; authenticate the first authentication information according to a digital certificate pre-stored in the certification terminal, to judge whether the information of the account corresponding to the target user terminal is valid; and, when the first authentication information passes authentication, send an authentication-passed instruction to the server so that the server responds to the service request. The scheme provided by the present invention allows multiple digital certificates to be deployed centrally in the certification terminal and verifies the validity of user accounts through the certification terminal, which reduces operation and maintenance difficulty and also helps raise the level of the user's financial security.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the invention. For those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the invention shall be included in the scope of protection of the invention.

Claims (10)

  1. A digital certificate authentication method, characterized in that it is applied to a certification terminal communicatively connected to a server, the server is communicatively connected to a user terminal, and the certification terminal is associated with at least one user account; the method comprises:
    obtaining first authentication information sent by the server, wherein the first authentication information is generated by the server according to a service request sent by a target user terminal for a target user account, and the first authentication information includes information of the target user account;
    authenticating the first authentication information according to at least one digital certificate pre-stored in the certification terminal, to judge whether the information of the account corresponding to the target user terminal is valid;
    when the first authentication information passes authentication, sending an authentication-passed instruction to the server, so that the server responds to the service request.
  2. The method according to claim 1, characterized in that the method further comprises:
    when the first authentication information fails authentication, sending an authentication-not-passed instruction to the server, so that the server stops responding to the service request.
  3. The method according to claim 1, characterized in that the method further comprises:
    obtaining execution data corresponding to the service request, the execution data including at least one of a remittance/transfer amount, a remittance/transfer time, and a remittance/transfer object;
    recording and displaying the execution data.
  4. The method according to claim 1, characterized in that the step of sending an authentication-passed instruction to the server when the first authentication information passes authentication, so that the server responds to the service request, comprises:
    when the first authentication information passes authentication, receiving a first trigger signal and generating the authentication-passed instruction according to the first trigger signal, the authentication-passed instruction including a first control instruction for making the server respond to the service request;
    sending the first control instruction to the server, so that the server responds to the service request.
  5. The method according to claim 1, characterized in that the step of sending an authentication-passed instruction to the server when the first authentication information passes authentication, so that the server responds to the service request, comprises:
    when the first authentication information passes authentication, receiving a second trigger signal and generating the authentication-passed instruction according to the second trigger signal, the authentication-passed instruction including a second control instruction for making the server stop responding to the service request;
    sending the second control instruction to the server, so that the server stops responding to the service request.
  6. The method according to claim 5, characterized in that the step of sending the second control instruction to the server, so that the server stops responding to the service request, comprises:
    according to the sent second control instruction, causing the server to disconnect the communication connection between the server and the user terminal.
  7. The method according to claim 1, characterized in that before the step of authenticating the first authentication information according to at least one digital certificate pre-stored in the certification terminal, the method further comprises:
    receiving second authentication information, and verifying the second authentication information against authentication information pre-stored in the certification terminal;
    after the second authentication information is verified, storing at least one digital certificate corresponding to an account of the user terminal in the certification terminal, wherein one digital certificate is associated with the identity information of one account in the user terminal.
  8. A digital certificate authentication device, characterized in that it is applied to a certification terminal communicatively connected to a server, the server is communicatively connected to a user terminal, and the certification terminal is associated with at least one user account; the digital certificate authentication device comprises:
    a first acquisition unit, configured to obtain first authentication information sent by the server, wherein the first authentication information is generated by the server according to a service request sent by a target user terminal for a target user account, and the first authentication information includes information of the target user account;
    an authentication determination unit, configured to authenticate the first authentication information according to at least one digital certificate pre-stored in the certification terminal, to judge whether the information of the account corresponding to the target user terminal is valid;
    a sending execution unit, configured to send an authentication-passed instruction to the server when the first authentication information passes authentication, so that the server responds to the service request.
  9. The digital certificate authentication device according to claim 8, characterized in that the digital certificate authentication device further comprises:
    a second acquisition unit, configured to obtain execution data corresponding to the service request, the execution data including at least one of a remittance/transfer amount, a remittance/transfer time, and a remittance/transfer object;
    a recording and display unit, configured to record and display the execution data.
  10. The digital certificate authentication device according to claim 8, characterized in that the sending execution unit is further configured to:
    when the first authentication information passes authentication, receive a first trigger signal and generate the authentication-passed instruction according to the first trigger signal, the authentication-passed instruction including a first control instruction for making the server respond to the service request;
    send the first control instruction to the server, so that the server responds to the service request.
CN201710984018.3A 2017-10-20 2017-10-20 Digital certificate authentication method and device Pending CN107580000A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710984018.3A CN107580000A (en) 2017-10-20 2017-10-20 Digital certificate authentication method and device

Publications (1)

Publication Number Publication Date
CN107580000A true CN107580000A (en) 2018-01-12

Family

ID=61037332

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710984018.3A Pending CN107580000A (en) 2017-10-20 2017-10-20 Digital certificate authentication method and device

Country Status (1)

Country Link
CN (1) CN107580000A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101013941A (en) * 2007-02-09 2007-08-08 上海林果科技有限公司 Digital certificate authentication/management system and authentication/management method
CN102420800A (en) * 2010-09-28 2012-04-18 俞浩波 Method, system and authentication terminal for accomplishing service by multi-factor identity authentication
CN102468961A (en) * 2010-11-18 2012-05-23 卓望数码技术(深圳)有限公司 Distributive enterprise identification authentication method, system and embedded terminal
US20140047533A1 (en) * 2010-11-24 2014-02-13 Shanjing Tang Method and System for Authentication-based Multi-user Online Video Game
CN106878020A (en) * 2017-01-24 2017-06-20 广州弘度信息科技有限公司 Network system, the authentication method of the network equipment and device

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111542822A (en) * 2018-02-23 2020-08-14 三星电子株式会社 Electronic device and method for sharing screen data
CN111542822B (en) * 2018-02-23 2024-04-09 三星电子株式会社 Electronic device and method for sharing screen data
CN108537050A (en) * 2018-03-20 2018-09-14 中国建设银行股份有限公司 Business datum transfer method and relevant apparatus
CN111414596A (en) * 2020-04-07 2020-07-14 中国建设银行股份有限公司 Method and device for processing request
CN112381541A (en) * 2020-11-16 2021-02-19 深圳市天行云供应链有限公司 Cross-bank multi-U-shield system and payment method applying same
CN112712365A (en) * 2021-01-06 2021-04-27 中国工商银行股份有限公司 Processing method and device for digital certificate
CN112712365B (en) * 2021-01-06 2024-02-02 中国工商银行股份有限公司 Processing method and device for digital certificate

Similar Documents

Publication Publication Date Title
CN107580000A (en) Digital certificate authentication method and device
CN111080275B (en) Cross-region resource transfer method, device, equipment and storage medium
US20210049579A1 (en) Multi-factor identity authentication
CN108898389A (en) Based on the content verification method and device of block chain, electronic equipment
US10057255B2 (en) Preventing unauthorized access to secured information systems using multi-device authentication techniques
CN104247329B (en) The safety of the device of cloud service is asked to be remedied
CN109146679A (en) Intelligent contract call method and device, electronic equipment based on block chain
WO2020107233A1 (en) Blockchain-based wallet system, method of use of wallet and storage medium
CN105991287A (en) Signature data generation and fingerprint authentication request method and device
EP3061025B1 (en) Method and system for authenticating service
EP2575099A1 (en) Electronic funds transfer
CN106327169A (en) Electronic fund transferring method and apparatus
US11233897B1 (en) Secure call center communications
CN105868970A (en) Authentication method and electronic device
JP6596723B2 (en) Secure data entry and display for communication devices
CN103761806A (en) Financial security system used for mobile terminal
CN108550017B (en) Consumption finance core system based on SAAS platform
CN114462989A (en) Method, device and system for starting digital currency hardware wallet application
CN113506108A (en) Account management method, device, terminal and storage medium
CN107516117A (en) Quick Response Code processing method, device, terminal and server
CN104252676A (en) System and method for using real-time communication and digital certificate to authenticate Internet bank account identity
CN104769628B (en) Method, system and the computer-readable medium negotiated for the tranaction costs for currency remittance
WO2019025868A1 (en) System and method for providing secured services
US11314850B2 (en) Preventing unauthorized access to secure information systems using advanced biometric authentication techniques
WO2019166867A1 (en) A system and method for monetary transaction

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 311501, Unit 1, Building 5, Courtyard 1, Futong East Street, Chaoyang District, Beijing

Applicant after: Beijing Zhichuangyu Information Technology Co., Ltd.

Address before: Room 803, Jinwei Building, 55 Lanindichang South Road, Haidian District, Beijing

Applicant before: Beijing Knows Chuangyu Information Technology Co.,Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20180112