CN105554008A - User terminal, authentication server, middle server, system and transmission method - Google Patents

Info

Publication number
CN105554008A
Authority
CN
China
Prior art keywords
key
user terminal
key pair
cipher key
cipher
Legal status
Granted
Application number
CN201511001471.5A
Other languages
Chinese (zh)
Other versions
CN105554008B (en)
Inventor
李俊
崔忠勇
Current Assignee
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

The invention provides a user terminal, an authentication server, a middle server, a system and a transmission method for a key for further improving the security for user authentication. The transmission method comprises the following steps of generating a second key pair corresponding to a first application by the middle server; sending a first key in the second key pair to the user terminal and sending a second key in the second key pair to the authentication server; generating a first key pair associated with user information by the user terminal; utilizing the first key in the second key pair corresponding to the first application to encrypt a second key in the first key pair to obtain first encryption information, and sending the first encryption information to the authentication server; and receiving the first encryption information from the user terminal in the authentication server, and utilizing the second key in the second key pair corresponding to the first application to decrypt the first encryption information to obtain the second key in the first key pair associated with the user information.

Description

User terminal, authentication server, intermediate server, system and transmission method
Technical field
The present invention relates to a user terminal, an authentication server, an intermediate server, a system comprising the user terminal, the authentication server and the intermediate server, and a key transmission method applied to the user terminal, the authentication server, the intermediate server and the system.
Background art
After a user public key and a user private key are generated in the user terminal, the user public key is sent to the authentication server. When user authentication is performed, the user terminal signs the authentication request with the user private key and sends it to the authentication server, and the authentication server verifies the signature with the corresponding user private key, thereby realizing user authentication.
However, in the above key transmission method there is a risk that the user public key is maliciously exploited by a counterfeit user, which reduces security.
Summary of the invention
The present invention has been made in view of the above problem. Its object is to provide a user terminal, an authentication server, an intermediate server, a system comprising the user terminal, the authentication server and the intermediate server, and a key transmission method applied to the user terminal, the authentication server, the intermediate server and the system, which can further improve security during user authentication.
According to a first aspect of the invention, a key transmission method applied to a user terminal is provided. The transmission method comprises: generating a first key pair associated with user information; storing the first key of the first key pair associated with the user information; encrypting the second key of the first key pair with the first key of a second key pair corresponding to a first application, to obtain first encrypted information; and sending the first encrypted information to an authentication server. The first key of the first key pair is used to sign authentication requests sent by the user terminal, and the second key of the first key pair is used in the authentication server to verify the signature of received signed authentication requests. The second key pair is a key pair generated by an intermediate server and corresponding to the first application of the user terminal, and the first key of the second key pair is sent to the user terminal by the intermediate server.
According to a second aspect of the invention, a key transmission method applied to an authentication server is provided. The transmission method comprises: receiving first encrypted information from a user terminal; and decrypting the first encrypted information with the second key of a second key pair corresponding to a first application, thereby obtaining the second key of a first key pair associated with user information. The second key of the first key pair is used in the authentication server to verify the signature of received signed authentication requests. The second key pair is a key pair generated by an intermediate server and corresponding to the first application of the user terminal, and the second key of the second key pair is sent to the authentication server by the intermediate server.
According to a third aspect of the invention, a key transmission method applied to an intermediate server is provided. The transmission method comprises: generating a second key pair corresponding to a first application; sending the first key of the second key pair to a user terminal; and sending the second key of the second key pair to an authentication server. The first key of the second key pair is used in the user terminal to encrypt the second key of the first key pair that is to be sent, and the second key of the second key pair is used in the authentication server to decrypt the received first encrypted information. The first key of the first key pair is used to sign authentication requests sent by the user terminal, and the second key of the first key pair is used in the authentication server to verify the signature of received signed authentication requests.
According to a fourth aspect of the invention, a key transmission method is provided. The transmission method comprises: generating, by an intermediate server, a second key pair corresponding to a first application; sending the first key of the second key pair to a user terminal and sending the second key of the second key pair to an authentication server; generating, by the user terminal, a first key pair associated with user information; encrypting the second key of the first key pair with the first key of the second key pair corresponding to the first application, to obtain first encrypted information, and sending the first encrypted information to the authentication server; and, in the authentication server, receiving the first encrypted information from the user terminal and decrypting it with the second key of the second key pair corresponding to the first application, thereby obtaining the second key of the first key pair associated with the user information. The first key of the first key pair is used to sign authentication requests sent by the user terminal, and the second key of the first key pair is used in the authentication server to verify the signature of received signed authentication requests.
According to a fifth aspect of the invention, a user terminal is provided. The user terminal comprises: a communication unit configured to send and receive information; a storage unit configured to store keys; and a processing unit configured to generate a first key pair associated with user information, to store the first key of the first key pair associated with the user information in the storage unit, to encrypt the second key of the first key pair with the first key of a second key pair corresponding to a first application so as to obtain first encrypted information, and to control the communication unit to send the first encrypted information to an authentication server. The first key of the first key pair is used to sign authentication requests sent by the user terminal, and the second key of the first key pair is used in the authentication server to verify the signature of received signed authentication requests. The second key pair is a key pair generated by an intermediate server and corresponding to the first application of the user terminal, and the processing unit stores in the storage unit the first key of the second key pair received through the communication unit.
According to a sixth aspect of the invention, an authentication server is provided. The authentication server comprises: a communication unit configured to send and receive information; a storage unit configured to store keys; and a processing unit configured to decrypt, with the second key of a second key pair corresponding to a first application, the first encrypted information received from a user terminal through the communication unit, thereby obtaining the second key of a first key pair associated with user information, and to store the second key of the first key pair in the storage unit. The second key of the first key pair is used in the authentication server to verify the signature of received signed authentication requests. The second key pair is a key pair generated by an intermediate server and corresponding to the first application of the user terminal, and the processing unit stores in the storage unit the second key of the second key pair received from the intermediate server through the communication unit.
According to a seventh aspect of the invention, an intermediate server is provided. The intermediate server comprises: a processing unit configured to generate a second key pair corresponding to a first application; and a communication unit configured to send the first key of the second key pair to a user terminal and to send the second key of the second key pair to an authentication server. The first key of the second key pair is used in the user terminal to encrypt the second key of the first key pair that is to be sent, and the second key of the second key pair is used in the authentication server to decrypt the received first encrypted information. The first key of the first key pair is used to sign authentication requests sent by the user terminal, and the second key of the first key pair is used in the authentication server to verify the signature of received signed authentication requests.
According to an eighth aspect of the invention, a system comprising an intermediate server, a user terminal and an authentication server is provided. The intermediate server comprises: a first processing unit configured to generate a second key pair corresponding to a first application; and a first communication unit configured to send the first key of the second key pair to the user terminal and to send the second key of the second key pair to the authentication server. The user terminal comprises: a second communication unit configured to send and receive information; and a second processing unit configured to generate a first key pair associated with user information, to encrypt the second key of the first key pair with the first key of the second key pair corresponding to the first application so as to obtain first encrypted information, and to control the second communication unit to send the first encrypted information to the authentication server. The authentication server comprises: a third communication unit configured to send and receive information; and a third processing unit configured to decrypt, with the second key of the second key pair corresponding to the first application, the first encrypted information received through the third communication unit, thereby obtaining the second key of the first key pair associated with the user information. The first key of the first key pair is used to sign authentication requests sent by the user terminal, and the second key of the first key pair is used in the authentication server to verify the signature of received signed authentication requests.
According to the user terminal, the authentication server, the intermediate server, the system comprising the user terminal, the authentication server and the intermediate server, and the key transmission method applied to the user terminal, the authentication server, the intermediate server and the system of the present invention, the second key pair generated by the intermediate server is used when transmitting the second key of the first key pair generated by the user terminal, so that security during user authentication can be further improved.
Brief description of the drawings
Fig. 1 is a schematic diagram showing the system of an embodiment of the invention.
Fig. 2 is a flow chart showing the key transmission method of an embodiment of the invention.
Fig. 3 is a functional block diagram showing the user terminal of an embodiment of the invention.
Fig. 4 is a functional block diagram showing the intermediate server of an embodiment of the invention.
Fig. 5 is a functional block diagram showing the authentication server of an embodiment of the invention.
Detailed description of the embodiments
Embodiments of the invention are described below with reference to the accompanying drawings. The description referring to the drawings is provided to help the understanding of the example embodiments of the invention as defined by the claims and their equivalents. It includes various details to help that understanding, but these are to be regarded as merely exemplary. Accordingly, those skilled in the art will recognize that various changes and modifications can be made to the embodiments described herein without departing from the scope and spirit of the invention. In addition, to keep the specification clear and concise, detailed descriptions of well-known functions and structures are omitted.
The system of an embodiment of the invention is described with reference to Fig. 1. The system comprises a user terminal 1, an intermediate server 2 and an authentication server 3. Fig. 1 shows only one user terminal 1, but the system of an embodiment of the invention may comprise multiple user terminals 1.
Information can be sent and received between the user terminal 1 and the intermediate server 2, between the intermediate server 2 and the authentication server 3, and between the user terminal 1 and the authentication server 3.
Specifically, the user terminal 1 is, for example, an electronic device such as a mobile phone, a tablet computer or a PC, and can send an authentication request to the authentication server 3 in order to be authenticated. In addition, the user terminal 1 generates a first key pair for user authentication, stores the first key of the first key pair, and sends the second key of the first key pair to the authentication server 3. The authentication server 3 receives and stores the second key of the first key pair for user authentication, and uses the second key of this first key pair to perform user authentication on authentication requests from the user terminal 1. The first key pair is, for example, a user authentication key: the first key of the first key pair is the user authentication private key, and the second key of the second key pair is the user authentication public key. However, in embodiments of the invention the first key pair is not limited to a user authentication key, as long as it is a key pair associated with user information, and the first key pair is not limited to an asymmetric key either; it may also be configured as a symmetric key.
Specifically, the intermediate server 2 generates a second key pair, sends the first key of the second key pair to the user terminal 1, and sends the second key of the second key pair to the authentication server 3. The second key pair is, for example, an application verification key, configured as a symmetric key in which the first key and the second key of the second key pair are identical. However, in embodiments of the invention the second key pair is not limited to an application verification key, as long as it is a key pair corresponding to an application that can be executed in the user terminal 1 (for example, the first application), and the second key pair is not limited to a symmetric key either. As described later, the user terminal 1 uses the first key of the second key pair generated by the intermediate server to encrypt the second key of the first key pair that is sent to the authentication server, which improves security during key transmission. The authentication server 3 can use the second key of the second key pair to decrypt the encrypted second key of the first key pair, thereby obtaining the second key of the first key pair.
Furthermore, the intermediate server 2 may also generate a third key pair and send the first key of the third key pair to the user terminal 1. The third key pair is, for example, a device authentication key: the first key of the third key pair is the device authentication private key, and the second key of the third key pair is the device authentication public key. However, in embodiments of the invention the third key pair is not limited to a device authentication key, as long as it is a key pair associated with the user terminal 1, and the third key pair is not limited to an asymmetric key either; it may also be configured as a symmetric key. The intermediate server 2 uses the second key of the third key pair to encrypt the first key of the second key pair that is sent to the user terminal 1. The user terminal 1 uses the first key of the third key pair to decrypt the encrypted first key of the second key pair, thereby obtaining the first key of the second key pair.
The intermediate server 2 is, for example, configured as a server managed by the manufacturer of the user equipment 1 or as a server managed by an independently operating third party, so its reliability is higher than that of the user terminal 1 or the authentication server 3.
Specifically, the authentication server 3 receives and stores the second key of the first key pair sent from the user terminal 1, and uses the second key of this first key pair to verify the signature of authentication requests from the user terminal 1, thereby authenticating the user terminal 1. The authentication server 3 stores the user information of each user, and each piece of user information is associated with the second key of a first key pair. In addition, the authentication server 3 may also receive and store the second key of the second key pair sent from the intermediate server 2, and use the second key of this second key pair to decrypt the encrypted second key of the first key pair from the user terminal 1, thereby obtaining the second key of the first key pair.
In addition, in response to a request from the user terminal 1, the authentication server 3 can generate a challenge value and send it to the user terminal 1. Furthermore, the authentication server 3 stores the second key of the first key pair of the user terminal 1 in association with the user information, in order to verify the signature of authentication requests from the user terminal 1.
The key transmission method of an embodiment of the invention is described below with reference to Fig. 2. Fig. 2 is a flow chart showing the key transmission method of an embodiment of the invention. The transmission method of embodiments of the invention is not limited to the key transmission method shown in Fig. 2; some steps may be omitted or adjusted as required.
The following explanation with reference to Fig. 2 takes as its example the generation, in a certain user terminal 1, of a first key pair associated with the user information of user A. When user authentication is performed, this first key pair is sent in the user terminal 1 by executing the first application. In addition, the user information of user A may be user information registered in advance in the authentication server 3, or user information not registered in advance in the authentication server 3.
In addition, Fig. 2 is explained for the case in which the first key pair is a user authentication key comprising a user authentication public key and a user authentication private key, the second key pair is an application verification key that is a symmetric key, and the third key pair is a device authentication key comprising a device authentication public key and a device authentication private key. However, as mentioned above, the first key pair, the second key pair and the third key pair are not limited to the example shown in Fig. 2.
In step S21, the intermediate server 2 generates a device authentication key. The device authentication key comprises a device authentication private key and a device authentication public key. The device authentication key generated by the intermediate server 2 corresponds to an individual user terminal 1.
In step S22, the intermediate server 2 stores the device authentication public key generated in step S21. In addition, in step S22 the intermediate server 2 may also send the device authentication public key to the authentication server 3. Of course, when the device authentication public key is also sent to the authentication server 3 by the intermediate server 2 in step S22, the authentication server 3 receives and stores the device authentication public key sent from the intermediate server.
In step S23, the intermediate server 2 sends the device authentication private key to the user terminal 1.
In step S11, the user terminal 1 receives and stores the device authentication private key sent from the intermediate server 2. As described later, this device authentication key is used to decrypt encrypted information from the intermediate server 2.
In embodiments of the invention, through the above steps the device authentication public key and the device authentication private key are stored in the intermediate server 2 and the user terminal 1 respectively. However, other processing may also be performed so that the device authentication public key and the device authentication private key are stored in the intermediate server 2 and the user terminal 1 respectively. For example, the device authentication key may be generated by the user terminal 1, and the device authentication public key sent to the intermediate server 2.
As mentioned above, the intermediate server 2 is, for example, configured as a server managed by the manufacturer of the user equipment 1 or as a server managed by an independently operating third party. Having the highly reliable intermediate server 2 generate the device authentication key can improve the security of the system shown in Fig. 1.
Returning to Fig. 2, in step S12 the user terminal 1 sends a generation request for an application verification key to the intermediate server 2. Specifically, the generation request sent by the user terminal 1 contains identification information of the first application.
In step S24, after receiving the generation request from the user terminal 1, the intermediate server 2 responds to it by generating an application verification key corresponding to the first application of the user terminal 1. In addition, when the generation request from the user terminal 1 contains identification information of a second application, an application verification key corresponding to the second application is generated in step S24. The application verification key generated by the intermediate server 2 may correspond uniquely to each application in the user terminal 1, or the same application verification key may be generated. In the example shown in Fig. 2, the second key pair is an application verification key whose first key and second key are identical (a symmetric key pair).
In step S25, the intermediate server 2 sends the application verification key generated in step S24 to the authentication server 3.
In step S31, the authentication server 3 receives and stores the application verification key sent by the intermediate server 2. As described later, the authentication server 3 uses this application verification key to decrypt the user authentication public key sent from the user terminal 1.
In step S26, the intermediate server 2 encrypts the application verification key with the device authentication public key, thereby obtaining encrypted information (the second encrypted information). The device authentication public key is, for example, the one generated by the intermediate server 2 in step S21. Then, in step S27, the encrypted information generated in step S26 is sent to the user terminal 1.
In the example shown in Fig. 2 the application verification key is encrypted with the device authentication public key, but it is also possible not to encrypt the application verification key generated in step S24 and to send the unencrypted application verification key directly to the user terminal 1 in step S27. Of course, encrypting the application verification key with the device authentication public key improves security when the application verification key is transmitted between the intermediate server 2 and the user terminal 1.
In step S13, the user terminal receives the encrypted information sent from the intermediate server. When the application verification key is sent directly without being encrypted in the intermediate server 2, the user terminal 1 receives the application verification key sent from the intermediate server 2.
In step S14, the user terminal 1 uses the device authentication private key to decrypt the encrypted information sent from the intermediate server 2 (generated in step S26), thereby obtaining the application verification key. The device authentication private key used to decrypt the encrypted information is, for example, the device authentication private key stored in step S11. When the application verification key is sent directly without being encrypted in the intermediate server 2, step S15 is performed directly and the decryption of step S14 is not needed.
Then, in step S15, the user terminal 1 stores the application verification key obtained in step S14. When the application verification key is sent directly without being encrypted in the intermediate server 2, the user terminal 1 stores the application verification key received in step S13. As described later, the user terminal 1 uses this application verification key to encrypt the user authentication public key that is sent to the authentication server 3.
The application verification keys stored respectively in the user terminal 1 and the authentication server 3 are used to encrypt and decrypt the user authentication key transmitted from the user terminal 1 to the authentication server 3, which can improve the security of the user authentication key transmitted between the user terminal 1 and the authentication server 3.
As mentioned above, the intermediate server 2 is, for example, configured as a server managed by the manufacturer of the user equipment 1 or as a server managed by an independently operating third party. Having the highly reliable intermediate server 2 generate the application verification key can further improve the security of the system shown in Fig. 1.
Returning to Fig. 2, in step S16 the user terminal 1 generates a user authentication key associated with user information. The user authentication key comprises a user authentication private key and a user authentication public key. The user information associated with the user authentication key may be user information registered in advance in the authentication server, or user information not registered in advance in the authentication server 3. The user authentication key generated in step S16 corresponds to an individual piece of user information.
In step S17, stored the subscriber authentication key private key generated in step s 16 by user terminal 1.As described later, this subscriber authentication key private key is used for sending to the authentication request of certificate server 3 to sign.
In step S18, utilized by user terminal 1 and apply corresponding application verification key with first, subscriber authentication key PKI is encrypted, thus obtain enciphered message (the first enciphered message).Wherein, application verification key is the application verification key stored in step S15.
In step S19, by user terminal 1, the enciphered message generated in step S18 is sent to certificate server 3.Wherein, in the process transmitting this enciphered message, also can forward via intermediate server 2 from user terminal 1, thus be sent to certificate server 3.
Returning to Fig. 2, in step S32, authentication server 3 receives the first encrypted information from user terminal 1.
Then, in step S33, authentication server 3 decrypts the first encrypted information using the application verification key corresponding to the first application, thereby obtaining the user authentication public key associated with the user information. This application verification key is the one generated by intermediate server 2 and received and stored in step S31.
Then, in step S34, the user authentication public key obtained in step S33 is stored in association with the user information. Specifically, when the obtained user authentication public key corresponds to first user information, the first user information and the user authentication public key are stored in association. Likewise, when the obtained user authentication public key corresponds to second user information, the second user information and the user authentication public key are stored in association. The user information associated with the user authentication public key may be notified from user terminal 1 to the authentication server, for example by sending it together with the user authentication public key, or by sending information that indicates the association between this user authentication key and the first user information. Authentication server 3 can thus know which user information the user authentication public key obtained in step S33 is associated with. During user authentication, authentication server 3 can use this user authentication public key to verify the signature of the authentication request signed by user terminal 1, thereby realizing user authentication.
As described above, when user terminal 1 transmits to authentication server 3 the user authentication public key that is used for signature verification during user authentication, that key is encrypted and decrypted with the application verification key generated by intermediate server 2 and sent to user terminal 1 and authentication server 3, which improves the security of the transmission of the user authentication public key.
As mentioned above, the user information associated with the user authentication key may be user information registered in the authentication server in advance, or user information not registered in authentication server 3 in advance, that is, user information that has not been registered. In the latter case, in embodiments of the present invention, the processing of registering the user information associated with the user authentication key and the processing of sending the user authentication key can be carried out simultaneously, which improves efficiency. For convenience of explanation, user information that has not been registered in authentication server 3 in advance is referred to as user registration information.
Specifically, user terminal 1 sends the user registration information and the first encrypted information generated in step S18 to authentication server 3. Preferably, user terminal 1 may also encrypt the user registration information using the application verification key. User terminal 1 then sends the encrypted user registration information and the first encrypted information generated in step S18 to authentication server 3. In this case, the application verification key used to encrypt the user authentication public key uniquely corresponds to the first application in user terminal 1.
Correspondingly, authentication server 3 receives the user registration information and the first encrypted information from user terminal 1. Then, as shown in step S33, authentication server 3 decrypts the received first encrypted information using the application verification key that uniquely corresponds to the first application in user terminal 1, thereby obtaining the user authentication public key. Authentication server 3 then stores the obtained user authentication public key in association with the received user registration information. In this way, registration of the received user registration information can be completed, and the user authentication public key can be stored in association with this user registration information.
In addition, when user terminal 1 encrypts the user registration information using the application verification key and sends the encrypted user registration information, authentication server 3 receives the encrypted user registration information from user terminal 1 together with the first encrypted information. Authentication server 3 then decrypts the encrypted user registration information using the application verification key, thereby obtaining the user registration information. The obtained user registration information and the user authentication public key are then stored in association.
As described above, the user registration information sent from user terminal 1 to authentication server 3 is encrypted and decrypted with the application verification key that uniquely corresponds to the first application, which improves the security of the transmission of the user registration information.
Through the processing shown in Fig. 2, the user authentication private key is stored in user terminal 1 and the user authentication public key is stored in authentication server 3. As described above, this user authentication private key and user authentication public key are used to sign, and to verify the signature of, the authentication request sent by user terminal 1. This is explained below with reference to a concrete user authentication process.
When user authentication is carried out, user terminal 1 generates an authentication request and signs the generated authentication request with the user authentication private key. The authentication request may include, for example, user information. User terminal 1 then sends the signed authentication request to authentication server 3.
After authentication server 3 receives the signed authentication request, it verifies the signature using the user authentication public key stored in authentication server 3. If authentication server 3 stores no user authentication public key with which signature verification succeeds, user authentication is determined to have failed. If signature verification succeeds, user authentication can be determined to have succeeded. In addition, when signature verification succeeds, it may further be determined whether the user information included in the authentication request sent from user terminal 1 is consistent with the user information stored in association with the user authentication public key with which verification succeeded, and user authentication is determined to have succeeded only when they are consistent.
In addition, in embodiments of the present invention, before generating the authentication request, user terminal 1 sends a request to authentication server 3 in order to obtain a challenge value. That is, the authentication server, in response to this request, sends a challenge value to user terminal 1. The authentication request generated by user terminal 1 can then include the challenge value obtained from the authentication server.
Correspondingly, when signature verification succeeds, authentication server 3 may further determine whether the challenge value included in the authentication request sent from user terminal 1 is consistent with the challenge value sent to user terminal 1, and determine that user authentication has succeeded only when they are consistent.
In addition, in embodiments of the present invention, the authentication request that user terminal 1 sends to the authentication server may also include information such as a fingerprint ID or a password. Correspondingly, when the information such as the fingerprint ID or password included in the authentication request satisfies a prescribed condition, authentication server 3 determines that user authentication has succeeded.
As described above, according to the key transmission method applied to the user terminal, authentication server, intermediate server and system of the embodiments of the present invention, the second key pair generated by intermediate server 2 is used when transmitting the second key of the first key pair generated by user terminal 1, which further improves security during user authentication.
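The enrollment flow (steps S16 to S19 and S32 to S34) and the challenge-based authentication request described above, as an added Go example that is not part of the patent. AES-256-GCM for the application verification key, Ed25519 for the user authentication key, binding the user information as associated data, the request layout, and all type and function names are assumptions of this example; delivery of the application verification key to both sides is reduced to one `provision` call.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Terminal and AuthServer model user terminal 1 and authentication server 3.
type Terminal struct {
	app  cipher.AEAD        // application verification key (S15)
	priv ed25519.PrivateKey // user authentication private key (S17)
}

type AuthServer struct {
	app        cipher.AEAD                  // same key, received in S31
	pubKeys    map[string]ed25519.PublicKey // user info -> public key (S34)
	challenges map[string][]byte            // outstanding challenge values
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy source: nothing safe to do
	}
	return b
}

// provision plays intermediate server 2: one AES-256-GCM key for both sides.
func provision() (*Terminal, *AuthServer, error) {
	block, err := aes.NewCipher(randomBytes(32))
	if err != nil {
		return nil, nil, err
	}
	app, err := cipher.NewGCM(block)
	srv := &AuthServer{app, map[string]ed25519.PublicKey{}, map[string][]byte{}}
	return &Terminal{app: app}, srv, err
}

// authRequest is the signed byte string: user info, separator, challenge.
func authRequest(user string, challenge []byte) []byte {
	return append(append([]byte(user), 0), challenge...)
}

// Enroll performs S16-S18 with Ed25519; user info bound as AAD (example choices).
func (t *Terminal) Enroll(user string) []byte {
	t.priv = ed25519.NewKeyFromSeed(randomBytes(ed25519.SeedSize))
	pub := t.priv.Public().(ed25519.PublicKey)
	nonce := randomBytes(t.app.NonceSize())
	return t.app.Seal(nonce, nonce, pub, []byte(user)) // first encrypted information
}

// Sign signs an authentication request carrying the server's challenge.
func (t *Terminal) Sign(user string, challenge []byte) []byte {
	return ed25519.Sign(t.priv, authRequest(user, challenge))
}

// Register performs S32-S34: decrypt, then store the key under the user info.
func (s *AuthServer) Register(user string, enc []byte) error {
	n := s.app.NonceSize()
	if len(enc) < n {
		return fmt.Errorf("first encrypted information too short")
	}
	pub, err := s.app.Open(nil, enc[:n], enc[n:], []byte(user))
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return fmt.Errorf("first encrypted information rejected")
	}
	s.pubKeys[user] = pub
	return nil
}

// Challenge issues a fresh challenge value for the user.
func (s *AuthServer) Challenge(user string) []byte {
	s.challenges[user] = randomBytes(32)
	return s.challenges[user]
}

// Authenticate checks the challenge, then verifies the signature.
func (s *AuthServer) Authenticate(user string, challenge, sig []byte) bool {
	pub, known := s.pubKeys[user]
	want, issued := s.challenges[user]
	delete(s.challenges, user) // each challenge is accepted at most once
	return known && issued && bytes.Equal(want, challenge) &&
		ed25519.Verify(pub, authRequest(user, challenge), sig)
}

func main() {
	term, srv, err := provision()
	if err != nil {
		panic(err)
	}
	fmt.Println("register error:", srv.Register("alice", term.Enroll("alice")))
	c := srv.Challenge("alice") // "alice" is constructed sample user info
	sig := term.Sign("alice", c)
	fmt.Println("fresh, replay:", srv.Authenticate("alice", c, sig), srv.Authenticate("alice", c, sig))
}
```

A signed request is accepted once; presenting the same request again fails because the server discards each challenge value after its first use.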
Next, the user terminal of the embodiments of the present invention is described with reference to Fig. 3. Fig. 3 is a functional block diagram of the user terminal of the embodiments of the present invention.
As shown in Fig. 3, user terminal 1 comprises communication unit 11, storage unit 12 and processing unit 13. User terminal 1 is, for example, an electronic device such as a mobile phone, tablet computer or PC, and can send an authentication request to authentication server 3 in order to be authenticated.
Communication unit 11 is configured to send and receive information. Specifically, communication unit 11 can communicate with intermediate server 2 and authentication server 3, and thereby exchanges information with intermediate server 2 and authentication server 3.
For example, communication unit 11 sends the first encrypted information generated in step S18 shown in Fig. 2 to authentication server 3. In addition, communication unit 11 receives the first key of the second key pair from intermediate server 2.
In addition, optionally in embodiments of the present invention, communication unit 11 receives the first key of the third key pair from intermediate server 2. Further optionally, communication unit 11 receives from intermediate server 2 the second encrypted information obtained by encrypting the first key of the second key pair with the second key of the third key pair.
Storage unit 12 is configured to store keys. Specifically, storage unit 12 stores the first key of the first key pair generated in step S16 shown in Fig. 2. Storage unit 12 also stores the first key of the second key pair received from intermediate server 2 by communication unit 11, so that the second key of the first key pair can be encrypted in step S18.
In addition, optionally in embodiments of the present invention, storage unit 12 also stores the first key of the third key pair received from intermediate server 2. Thus, when communication unit 11 receives from intermediate server 2 the second encrypted information obtained by encrypting the first key of the second key pair with the second key of the third key pair, the first key of the third key pair can be used to decrypt it.
Processing unit 13 is configured to perform encryption and decryption processing, and can control communication unit 11 and storage unit 12. Specifically, processing unit 13 generates the first key pair associated with user information, and controls storage unit 12 to store the first key of the first key pair. In addition, processing unit 13 uses the first key of the second key pair stored in storage unit 12 to encrypt the second key of the first key pair generated by processing unit 13, thereby obtaining the first encrypted information. Processing unit 13 then controls communication unit 11 to send the first encrypted information to authentication server 3.
In addition, optionally in embodiments of the present invention, processing unit 13 stores the first key of the third key pair received by communication unit 11 in storage unit 12. Further optionally, when communication unit 11 receives from intermediate server 2 the second encrypted information obtained by encrypting the first key of the second key pair with the second key of the third key pair, processing unit 13 decrypts the second encrypted information using the first key of the third key pair stored in storage unit 12, thereby obtaining the first key of the second key pair.
As mentioned above, the first key pair is, for example, the user authentication key; the first key of the first key pair is the user authentication private key, and the second key of the second key pair is the user authentication public key. However, in embodiments of the present invention, the first key pair is not limited to the user authentication key and may be any key pair associated with user information; nor is the first key pair limited to asymmetric keys, and it may also be configured as a symmetric key.
In addition, as described above, the first key and the second key of the first key pair are used to sign, and to verify the signature of, the authentication request sent by user terminal 1 to authentication server 3.
Specifically, processing unit 13 generates an authentication request and signs the generated authentication request with the user authentication private key. The authentication request may include, for example, user information. Processing unit 13 then controls communication unit 11 to send the signed authentication request to authentication server 3.
In addition, preferably in embodiments of the present invention, before generating the authentication request, processing unit 13 controls communication unit 11 to send a request to authentication server 3 in order to obtain a challenge value. That is, authentication server 3, in response to this request, sends a challenge value to user terminal 1. When generating the authentication request, processing unit 13 can then include in it the challenge value obtained from the authentication server. Furthermore, when generating the authentication request, processing unit 13 may also include in it information such as a fingerprint ID or a password.
Next, the intermediate server of the embodiments of the present invention is described with reference to Fig. 4. Fig. 4 is a functional block diagram of the intermediate server of the embodiments of the present invention. The intermediate server is configured, for example, as a server managed by the manufacturer of user equipment 1 or as an independently operated server managed by a third party, and its reliability is therefore high relative to user terminal 1 or authentication server 3.
As shown in Fig. 4, intermediate server 2 comprises processing unit 21 and communication unit 22.
Processing unit 21 is configured to generate the second key pair corresponding to the first application. The second key pair is, for example, the application verification key, configured as a symmetric key in which the first key and the second key of the second key pair are identical. However, in embodiments of the present invention, the second key pair is not limited to the application verification key and may be any key pair corresponding to an application executable in user terminal 1 (for example, the first application); nor is the second key pair limited to a symmetric key. As described later, user terminal 1 uses the first key of the second key pair generated by the intermediate server to encrypt the second key of the first key pair that is sent to the authentication server, which improves security when the key is transmitted. Authentication server 3 can use the second key of the second key pair to decrypt the encrypted second key of the first key pair, thereby obtaining the second key of the first key pair.
In addition, processing unit 21 may generate the second key pair corresponding to the first application in response to a generation request from user terminal 1, or may generate the second key pair when a prescribed condition is satisfied. The second key pair may uniquely correspond to each application in user terminal 1, or identical application verification keys may be generated.
Further, optionally in embodiments of the present invention, processing unit 21 can also generate the third key pair. The third key pair is, for example, the device authentication key; the first key of the third key pair is the device authentication private key, and the second key of the third key pair is the device authentication public key. However, in embodiments of the present invention, the third key pair is not limited to the device authentication key and may be any key pair associated with user terminal 1; nor is the third key pair limited to asymmetric keys, and it may also be configured as a symmetric key.
In addition, optionally in embodiments of the present invention, processing unit 21 uses the second key of the third key pair to encrypt the first key of the second key pair that is sent to user terminal 1. User terminal 1 uses the first key of the third key pair to decrypt the encrypted first key of the second key pair, thereby obtaining the first key of the second key pair.
Returning to Fig. 4, communication unit 22 sends the first key of the second key pair generated by processing unit 21 to user terminal 1, and sends the second key of the second key pair to the authentication server.
In addition, when processing unit 21 uses the second key of the third key pair to encrypt the first key of the second key pair that is sent to user terminal 1 and thereby obtains the second encrypted information, communication unit 22 sends the second encrypted information to user terminal 1. Further, when processing unit 21 generates the third key pair, communication unit 22 sends the first key of the third key pair to user terminal 1. User terminal 1 can thus use the first key of the third key pair received from intermediate server 2 to decrypt the second encrypted information sent from communication unit 22, thereby obtaining the first key of the second key pair.
Next, the authentication server of the embodiments of the present invention is described with reference to Fig. 5. Fig. 5 is a functional block diagram of the authentication server of the embodiments of the present invention.
As shown in Fig. 5, authentication server 3 comprises communication unit 31, storage unit 32 and processing unit 33. Authentication server 3 can verify the signature of the signed authentication request received from user terminal 1, thereby realizing the user authentication process.
Communication unit 31 is configured to send and receive information. Specifically, communication unit 31 can communicate with user terminal 1 and intermediate server 2, and thereby exchanges information with user terminal 1 and intermediate server 2.
Specifically, communication unit 31 receives the first encrypted information from user terminal 1 in step S32 shown in Fig. 2. In addition, in embodiments of the present invention, communication unit 31 receives the second key of the second key pair from intermediate server 2 in step S31 shown in Fig. 2.
Storage unit 32 is configured to store keys. Specifically, storage unit 32 stores the second key of the second key pair received by communication unit 31. In addition, storage unit 32 also stores the second key of the first key pair generated by user terminal 1.
Processing unit 33 is configured to perform decryption processing, and can control communication unit 31 and storage unit 32. Specifically, processing unit 33 uses the second key of the second key pair to decrypt the first encrypted information received by communication unit 31, thereby obtaining the second key of the first key pair, and then stores the obtained second key of the first key pair in storage unit 32.
In addition, as described above, the first key and the second key of the first key pair are used to sign, and to verify the signature of, the authentication request sent by user terminal 1 to authentication server 3.
Specifically, when communication unit 13 receives the signed authentication request from user terminal 1, processing unit 33 verifies the signature using the second key of the first key pair stored in storage unit 32. If authentication server 3 stores no second key of the first key pair with which signature verification succeeds, user authentication is determined to have failed. If signature verification succeeds, user authentication can be determined to have succeeded.
In addition, when the authentication request from user terminal 1 includes user information and signature verification with the second key of the first key pair stored in storage unit 32 succeeds, processing unit 33 may further determine whether the user information included in the authentication request sent from user terminal 1 is consistent with the user information stored in association with the user authentication public key with which verification succeeded, and determine that user authentication has succeeded only when they are consistent.
Further preferably, in response to a request from user terminal 1 received by communication unit 31, processing unit 33 generates a challenge value and controls communication unit 31 to send it to the user terminal. In this case, when signature verification succeeds, processing unit 33 may further determine whether the challenge value included in the authentication request sent from user terminal 1 is consistent with the challenge value sent to user terminal 1, and determine that user authentication has succeeded only when they are consistent. Optionally in embodiments of the present invention, processing unit 33 determines that user authentication has succeeded only when the information such as the fingerprint ID or password included in the authentication request satisfies a prescribed condition.
As described above, according to user terminal 1, authentication server 2 and intermediate server 3 of the embodiments of the present invention, and the system shown in Fig. 1 that comprises user terminal 1, authentication server 2 and intermediate server 3, the second key pair generated by intermediate server 2 is used when transmitting the second key of the first key pair generated by user terminal 1, which further improves security during user authentication.
Those of ordinary skill in the art will recognize that the units and steps described in connection with the embodiments of the present invention can be implemented in electronic hardware, computer software, or a combination of the two. A software module may be placed in a computer-readable storage medium of any form. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms of function. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each particular application, but such an implementation should not be considered to go beyond the scope of the present invention.
The embodiments of the present invention have been described in detail above. However, those skilled in the art should understand that various modifications, combinations or sub-combinations may be made to these embodiments without departing from the principle and spirit of the present invention, and that such modifications fall within the scope of the present invention.

Claims (21)

1. A key transmission method, applied to a user terminal, the transmission method comprising:
generating a first key pair associated with user information;
storing the first key of the first key pair associated with the user information;
encrypting the second key of the first key pair using the first key of a second key pair corresponding to a first application, to obtain first encrypted information;
sending the first encrypted information to an authentication server,
wherein the first key of the first key pair is used to sign an authentication request sent by the user terminal, and the second key of the first key pair is used in the authentication server to verify the signature of the received signed authentication request,
the second key pair is a key pair generated by an intermediate server and corresponding to the first application of the user terminal, and the first key of the second key pair is sent to the user terminal by the intermediate server.
2. The transmission method as claimed in claim 1, further comprising:
receiving second encrypted information sent by the intermediate server, wherein the second encrypted information is obtained by the intermediate server encrypting the first key of the generated second key pair using the second key of a third key pair;
decrypting the second encrypted information using the first key of the third key pair, to obtain the first key of the second key pair.
3. The transmission method as claimed in claim 2, further comprising:
obtaining the first key of the third key pair generated by the intermediate server;
storing the obtained first key of the third key pair.
4. The transmission method as claimed in claim 1, wherein,
the second key pair uniquely corresponds to the first application in the user terminal,
the transmission method further comprises:
sending user registration information and the first encrypted information to the authentication server, so that the first key pair is associated with the user registration information, wherein in the authentication server the user registration information and the second key of the first key pair are stored in association.
5. The transmission method as claimed in claim 4, further comprising:
encrypting the user registration information using the first key of the second key pair,
correspondingly, sending the user registration information and the first encrypted information to the authentication server comprises:
sending the encrypted user registration information and the first encrypted information to the authentication server.
6. A key transmission method, applied to an authentication server, the transmission method comprising:
receiving first encrypted information from a user terminal;
decrypting the first encrypted information using the second key of a second key pair corresponding to a first application, thereby obtaining the second key of a first key pair associated with user information,
wherein the second key of the first key pair is used in the authentication server to verify the signature of a received signed authentication request,
the second key pair is a key pair generated by an intermediate server and corresponding to the first application of the user terminal, and the second key of the second key pair is sent to the authentication server by the intermediate server.
7. The transmission method as claimed in claim 6, further comprising:
obtaining and storing the second key of the second key pair generated by the intermediate server.
8. The transmission method as claimed in claim 6,
the second key pair uniquely corresponds to the first application in the user terminal,
the transmission method further comprises:
receiving user registration information and the first encrypted information from the user terminal, so that the first key pair is associated with the user registration information;
storing the second key of the first key pair in association with the user registration information.
9. The transmission method as claimed in claim 8, further comprising:
decrypting the user registration information using the second key of the second key pair,
correspondingly, receiving the user registration information and the first encrypted information from the user terminal comprises:
receiving the encrypted user registration information and the first encrypted information from the user terminal.
10. A key transmission method, applied to an intermediate server, the transmission method comprising:
generating a second key pair corresponding to a first application;
sending the first key of the second key pair to a user terminal;
sending the second key of the second key pair to an authentication server,
wherein the first key of the second key pair is used in the user terminal to encrypt the second key of a first key pair to be sent, and the second key of the second key pair is used in the authentication server to decrypt the received first encrypted information;
the first key of the first key pair is used to sign an authentication request sent by the user terminal, and the second key of the first key pair is used in the authentication server to verify the signature of the received signed authentication request.
11. The transmission method as claimed in claim 10, wherein,
in the step of sending the first key of the second key pair to the user terminal,
the first key of the second key pair is encrypted using the second key of a third key pair, thereby obtaining second encrypted information;
the second encrypted information is sent to the user terminal,
the first key of the second key pair is obtained in the user terminal by decrypting the second encrypted information using the first key of the third key pair.
12. The transmission method as claimed in claim 11, further comprising:
generating the third key pair;
distributing the first key of the third key pair to the user terminal, and storing the second key of the third key pair.
13. A key transmission method, comprising:
generating, by an intermediate server, a second key pair corresponding to a first application;
sending the first key of the second key pair to a user terminal, and sending the second key of the second key pair to an authentication server;
generating, by the user terminal, a first key pair associated with user information;
encrypting the second key of the first key pair using the first key of the second key pair corresponding to the first application, to obtain first encrypted information, and sending the first encrypted information to the authentication server;
in the authentication server, receiving the first encrypted information from the user terminal, and decrypting the first encrypted information using the second key of the second key pair corresponding to the first application, thereby obtaining the second key of the first key pair associated with the user information,
wherein the first key of the first key pair is used to sign an authentication request sent by the user terminal, and the second key of the first key pair is used in the authentication server to verify the signature of the received signed authentication request.
14. The transmission method as claimed in claim 13, wherein,
In the step of sending the first key of the second key pair to the user terminal,
The first key of the second key pair is encrypted using the second key of the third key pair, thereby obtaining second encrypted information;
The second encrypted information is sent to the user terminal,
The transmission method further comprises:
In the user terminal, receiving the second encrypted information sent by the intermediate server;
Decrypting the second encrypted information using the first key of the third key pair to obtain the first key of the second key pair.
15. The transmission method as claimed in claim 14, wherein,
In the intermediate server, the third key pair is generated;
The first key of the third key pair is distributed to the user terminal, and the second key of the third key pair is stored.
16. The transmission method as claimed in claim 13, wherein,
The second key pair uniquely corresponds to the first application in the user terminal,
The transmission method further comprises:
In the user terminal, sending user registration information and the first encrypted information to the authentication server, so that the first key pair is associated with the user registration information;
In the authentication server, receiving the user registration information and the first encrypted information from the user terminal;
Storing the second key of the first key pair in association with the user registration information.
17. The transmission method as claimed in claim 16, further comprising:
In the user terminal, encrypting the user registration information using the first key of the second key pair,
Correspondingly, sending the user registration information and the first encrypted information to the authentication server comprises:
Sending the encrypted user registration information and the first encrypted information to the authentication server,
In the authentication server, decrypting the user registration information using the second key of the second key pair,
Correspondingly, receiving the user registration information and the first encrypted information from the user terminal comprises:
Receiving the encrypted user registration information and the first encrypted information from the user terminal.
18. A user terminal, comprising:
A communication unit configured to send and receive information;
A storage unit configured to store keys;
A processing unit configured to generate a first key pair associated with user information, to store the first key of the first key pair associated with the user information in the storage unit, to encrypt the second key of the first key pair using the first key of a second key pair corresponding to a first application, thereby obtaining first encrypted information, and to control the communication unit to send the first encrypted information to an authentication server,
Wherein the first key of the first key pair is used to sign an authentication request sent by the user terminal, the second key of the first key pair is used in the authentication server to verify the signature of the received signed authentication request, and the second key pair is a key pair generated by an intermediate server and corresponding to the first application of the user terminal,
The processing unit stores, in the storage unit, the first key of the second key pair received through the communication unit.
19. An authentication server, comprising:
A communication unit configured to send and receive information;
A storage unit configured to store keys;
A processing unit configured to decrypt, using the second key of a second key pair corresponding to a first application, first encrypted information received from a user terminal through the communication unit, thereby obtaining the second key of a first key pair associated with user information, and to store the second key of the first key pair in the storage unit,
Wherein the second key of the first key pair is used in the authentication server to verify the signature of a received signed authentication request, and the second key pair is a key pair generated by an intermediate server and corresponding to the first application of the user terminal,
The processing unit stores, in the storage unit, the second key of the second key pair received from the intermediate server through the communication unit.
20. An intermediate server, comprising:
A processing unit configured to generate a second key pair corresponding to a first application;
A communication unit configured to send the first key of the second key pair to a user terminal and to send the second key of the second key pair to an authentication server,
Wherein the first key of the second key pair is used in the user terminal to encrypt the second key of a first key pair that is to be sent, and the second key of the second key pair is used in the authentication server to decrypt the received first encrypted information;
The first key of the first key pair is used to sign an authentication request sent by the user terminal, and the second key of the first key pair is used in the authentication server to verify the signature of the received signed authentication request.
21. A system, comprising an intermediate server, a user terminal and an authentication server, wherein
The intermediate server comprises:
A first processing unit configured to generate a second key pair corresponding to a first application;
A first communication unit configured to send the first key of the second key pair to the user terminal and to send the second key of the second key pair to the authentication server,
The user terminal comprises:
A second communication unit configured to send and receive information;
A second processing unit configured to generate a first key pair associated with user information, to encrypt the second key of the first key pair using the first key of the second key pair corresponding to the first application, thereby obtaining first encrypted information, and to control the second communication unit to send the first encrypted information to the authentication server,
The authentication server comprises:
A third communication unit configured to send and receive information;
A third processing unit configured to decrypt, using the second key of the second key pair corresponding to the first application, the first encrypted information received through the third communication unit, thereby obtaining the second key of the first key pair associated with the user information,
Wherein the first key of the first key pair is used to sign an authentication request sent by the user terminal, and the second key of the first key pair is used in the authentication server to verify the signature of the received signed authentication request.
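The enrolment and authentication flow of claim 13, written out as an added example that is not part of the patent text. RSA-OAEP for the second key pair, Ed25519 for the first key pair, and the use of the application identifier as the OAEP label are assumptions, since the claims name no algorithms; the third-key-pair wrapping of claims 14 and 15 is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// UnwrapVerifyKey is the authentication server step: decrypt the first
// encrypted information with the second key of the second key pair.
func UnwrapVerifyKey(dec *rsa.PrivateKey, enc, app []byte) (ed25519.PublicKey, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, dec, enc, app)
	if err != nil || len(pt) != ed25519.PublicKeySize {
		return nil, fmt.Errorf("first encrypted information rejected")
	}
	return ed25519.PublicKey(pt), nil
}

// Flow enrols a terminal, then checks a genuine and a tampered signed request.
func Flow(app []byte) (genuine, tampered bool, err error) {
	kp2, err := rsa.GenerateKey(rand.Reader, 2048) // intermediate server: second key pair
	if err != nil {
		return
	}
	verifyKey, signKey, err := ed25519.GenerateKey(rand.Reader) // terminal: first key pair
	if err != nil {
		return
	}
	// Terminal: encrypt the verification key with the first key of the second pair.
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &kp2.PublicKey, verifyKey, app)
	if err != nil {
		return
	}
	stored, err := UnwrapVerifyKey(kp2, enc, app) // authentication server
	if err != nil {
		return
	}
	req := []byte("auth-request user=alice nonce=1") // constructed sample request
	sig := ed25519.Sign(signKey, req)                // terminal signs with the first key
	genuine = ed25519.Verify(stored, req, sig)
	tampered = ed25519.Verify(stored, append([]byte("x"), req...), sig)
	return
}

func main() {
	fmt.Println(Flow([]byte("app-1")))
}
```

In this mapping the key held by the terminal for encryption is the RSA public half and the key delivered to the authentication server is the RSA private half, so the confidentiality of the enrolment message rests on how the intermediate server delivers that second key.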
CN201511001471.5A 2015-12-28 2015-12-28 User terminal, authentication server, middle server, system and transmission method Active CN105554008B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511001471.5A CN105554008B (en) 2015-12-28 2015-12-28 User terminal, authentication server, middle server, system and transmission method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201511001471.5A CN105554008B (en) 2015-12-28 2015-12-28 User terminal, authentication server, middle server, system and transmission method

Publications (2)

Publication Number Publication Date
CN105554008A (en) 2016-05-04
CN105554008B (en) 2018-12-14

Family

ID=55832942

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201511001471.5A Active CN105554008B (en) 2015-12-28 2015-12-28 User terminal, authentication server, middle server, system and transmission method

Country Status (1)

Country Link
CN (1) CN105554008B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106648770A (en) * 2016-12-09 2017-05-10 武汉斗鱼网络科技有限公司 Generating method, loading method and device for application program installation package
CN107493281A (en) * 2017-08-16 2017-12-19 海信集团有限公司 encryption communication method and device
CN107911393A (en) * 2017-12-28 2018-04-13 北京明朝万达科技股份有限公司 A kind of data safety management system and method
CN109600231A (en) * 2018-12-05 2019-04-09 深圳市琦迹技术服务有限公司 Data safety communication system and method
CN109660534A (en) * 2018-12-15 2019-04-19 平安科技(深圳)有限公司 Safety certifying method, device, electronic equipment and storage medium based on more trade companies
CN114845295A (en) * 2022-04-22 2022-08-02 中科华宸创新科技研发中心有限公司 Mobile security customized terminal encryption system and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101640590A (en) * 2009-05-26 2010-02-03 深圳市安捷信联科技有限公司 Method for obtaining identification cipher algorithm private key and cipher center
US20100174911A1 (en) * 2007-05-24 2010-07-08 Nec Corporation Anonymous authentication system and anonymous authentication method
US20120311331A1 (en) * 2011-05-30 2012-12-06 Sony Corporation Logon verification apparatus, system and method for performing logon verification
CN103684798A (en) * 2013-12-31 2014-03-26 南京理工大学连云港研究院 Authentication system used in distributed user service
CN103763631A (en) * 2014-01-07 2014-04-30 青岛海信信芯科技有限公司 Authentication method, server and television

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100174911A1 (en) * 2007-05-24 2010-07-08 Nec Corporation Anonymous authentication system and anonymous authentication method
CN101640590A (en) * 2009-05-26 2010-02-03 深圳市安捷信联科技有限公司 Method for obtaining identification cipher algorithm private key and cipher center
US20120311331A1 (en) * 2011-05-30 2012-12-06 Sony Corporation Logon verification apparatus, system and method for performing logon verification
CN103684798A (en) * 2013-12-31 2014-03-26 南京理工大学连云港研究院 Authentication system used in distributed user service
CN103763631A (en) * 2014-01-07 2014-04-30 青岛海信信芯科技有限公司 Authentication method, server and television

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106648770A (en) * 2016-12-09 2017-05-10 武汉斗鱼网络科技有限公司 Generating method, loading method and device for application program installation package
CN107493281A (en) * 2017-08-16 2017-12-19 海信集团有限公司 encryption communication method and device
CN107911393A (en) * 2017-12-28 2018-04-13 北京明朝万达科技股份有限公司 A kind of data safety management system and method
CN107911393B (en) * 2017-12-28 2019-01-25 北京明朝万达科技股份有限公司 A kind of data safety management system and method
CN109600231A (en) * 2018-12-05 2019-04-09 深圳市琦迹技术服务有限公司 Data safety communication system and method
CN109600231B (en) * 2018-12-05 2021-10-29 深圳市琦迹技术服务有限公司 Data security communication system and method
CN109660534A (en) * 2018-12-15 2019-04-19 平安科技(深圳)有限公司 Safety certifying method, device, electronic equipment and storage medium based on more trade companies
CN109660534B (en) * 2018-12-15 2022-01-28 平安科技(深圳)有限公司 Multi-merchant-based security authentication method and device, electronic equipment and storage medium
CN114845295A (en) * 2022-04-22 2022-08-02 中科华宸创新科技研发中心有限公司 Mobile security customized terminal encryption system and device
CN114845295B (en) * 2022-04-22 2025-04-04 中科华宸创新科技研发中心有限公司 A mobile security customized terminal encryption system

Also Published As

Publication number Publication date
CN105554008B (en) 2018-12-14

Similar Documents

Publication Publication Date Title
US12375304B2 (en) Mutual authentication of confidential communication
US10015159B2 (en) Terminal authentication system, server device, and terminal authentication method
CN103152366B (en) Obtain the method for terminal authorization, terminal and server
US9716591B2 (en) Method for setting up a secure connection between clients
JP2020530726A (en) NFC tag authentication to remote servers with applications that protect supply chain asset management
KR101706117B1 (en) Apparatus and method for other portable terminal authentication in portable terminal
TWI581599B (en) Key generation system, data signature and encryption system and method
CN105553951A (en) Data transmission method and data transmission device
CA2879910C (en) Terminal identity verification and service authentication method, system and terminal
CN105554008A (en) User terminal, authentication server, middle server, system and transmission method
CN110192381A (en) Key transmission method and device
CN109309566B (en) An authentication method, device, system, device and storage medium
CN103297403A (en) Method and system for achieving dynamic password authentication
CN104412273A (en) Method and system for activation
US11425547B2 (en) Master-slave system for communication over a Bluetooth Low Energy connection
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
CN101783800A (en) Embedded system safety communication method, device and system
CN113497778A (en) Data transmission method and device
CN105162599A (en) Data transmission system and data transmission method
CN104917807A (en) Resource transfer method, apparatus and system
CN104661219A (en) Communication method of wireless equipment, wireless equipment and server
CN104253801A (en) Method, device and system for realizing login authentication
CN104883255A (en) Password resetting method and device
CN103905388A (en) Authentication method, authentication device, smart card, and server
KR20190115489A (en) IOT equipment certification system utilizing security technology

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant