[go: up one dir, main page]

WO2018033017A1 - Procédé et système de conversion d'état de terminal pour octroi de crédit - Google Patents

Procédé et système de conversion d'état de terminal pour octroi de crédit Download PDF

Info

Publication number
WO2018033017A1
WO2018033017A1 PCT/CN2017/096835 CN2017096835W WO2018033017A1 WO 2018033017 A1 WO2018033017 A1 WO 2018033017A1 CN 2017096835 W CN2017096835 W CN 2017096835W WO 2018033017 A1 WO2018033017 A1 WO 2018033017A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
data
authentication
server
state
Prior art date
Application number
PCT/CN2017/096835
Other languages
English (en)
Chinese (zh)
Inventor
陈菲菲
Original Assignee
福建联迪商用设备有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 福建联迪商用设备有限公司 filed Critical 福建联迪商用设备有限公司
Publication of WO2018033017A1 publication Critical patent/WO2018033017A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a terminal state transition method and system for granting credit.
  • the terminal In the field of financial payment, in order to ensure the legitimacy of the program on the terminal device, the terminal needs to introduce a digital signature scheme, and the root public key certificate is preset in the terminal, and only the program using the private key corresponding to the work public key certificate of the root public key certificate can be downloaded. To the terminal. When the terminal is in normal use, the program downloaded to the terminal must be signed, which is greatly inconvenient for application developer debugging. In order to facilitate application developer debugging, the terminal has a debugging state, and the application can be downloaded to the terminal without signing.
  • the inventor provides a method for terminal state transition of a credit, and the technical solution is as follows:
  • a method for transferring terminal state transitions includes the steps of:
  • the server sends the first to-be-certified data to the state conversion tool, and the state transition tool obtains the work public key certificate and the work private key from the U-KEY; the state transition tool uses the work private key to perform the first to-be-certified data.
  • Encrypting, generating first authentication data the state conversion tool sends the working public key certificate and the first authentication data to the server; the server authenticates the first authentication data; and the terminal sends the second to-be-authenticated data to the state conversion tool ; the state conversion tool uses the work private key Encrypting the second to-be-certified data to generate second authentication data, the state conversion tool sends the working public key certificate and the second authentication data to the terminal; the terminal authenticates the second authentication data; After the authentication data is authenticated and the terminal authenticates the second authentication data, the state transition tool obtains the data to be authenticated from the terminal, and the state transition tool sends the data to be authenticated to the server; the server uses the authentication private key to perform the data to be authenticated. Encrypted to generate authentication data, the
  • the server authenticates the first authentication data, including the steps: the server receives the working public key certificate, and the server extracts the public key in the working public key certificate, and the server uses the public key to
  • the first authentication data is decrypted, and the plaintext of the data to be authenticated in the first authentication data is obtained, and the plaintext of the data to be authenticated in the first authentication data is consistent with the data to be authenticated.
  • the terminal authenticates the second authentication data, including the steps: the terminal receives the working public key certificate, the terminal extracts the public key in the working public key certificate, and the terminal uses the public key to perform the second authentication data.
  • Decrypting obtaining the plaintext of the data to be authenticated in the second authentication data, and comparing whether the plaintext of the data to be authenticated in the second authentication data is consistent with the data to be authenticated, and if the matching is the same, the authentication is passed.
  • the terminal state includes a usage state and a debug state, and the terminal does not save the application and the key in the usage state and the debug state; the terminal switches from the usage state to the debug state, and the terminal clears the key of the terminal in the usage state.
  • the terminal switches from the debug state to the use state, and the terminal clears the application and the key of the terminal in the debug state.
  • first to-be-certified data is a random number
  • second to-be-certified data is a combination of a terminal board serial number and a random number
  • the beneficial effects of the present invention are: the application developer obtains the work public key certificate and the work private key of the U-KEY through the state transition tool, and when the state transition tool obtains the authentication of the server and the terminal, the state transition tool can be directly used.
  • the state conversion tool used by the application developer stores the work public key certificate of the terminal root public key certificate and the corresponding private
  • the key signature ensures that the application developer has the authority to download the program to the terminal to avoid illegally changing the terminal status.
  • the inventor also provides a terminal state transition system for crediting, and the technical solution is as follows:
  • a trusted terminal state transition system includes: a server, a terminal, and a state transition tool, and the state transition tool includes: a server authentication module, a terminal authentication module, and a U-KEY interaction module; the server is configured to: send The first to-be-certified data is sent to the state transition tool, and the state transition tool obtains the working public key certificate and the working private key from the U-KEY; the U-KEY interaction module is configured to: use the working private key to the first The server to be authenticated is encrypted to generate the first authentication data.
  • the server authentication module is configured to: send the working public key certificate and the first authentication data to the server; the server is used to: The data is used for authentication; the terminal is configured to: send the second to-be-certified data to the state conversion tool; the U-KEY interaction module is configured to: encrypt the second to-be-certified data by using the working private key, to generate a second authentication
  • the terminal authentication module is configured to: send the working public key certificate and the second authentication data to the terminal; the terminal is configured to: authenticate the second authentication data; The first authentication data is authenticated and the terminal authenticates the second authentication data, and the terminal authentication module is configured to: obtain data to be authenticated from the terminal; the server authentication module is configured to: send the data to be authenticated to the server The server is further configured to: use the authentication private key to encrypt the to-be-authenticated data to generate authentication data, and the server sends the authentication data to the state conversion tool; the terminal authentication module is further configured to: send the authentication The terminal is further configured to: authenticate the authentication data, and
  • the server is configured to: authenticate the first authentication data
  • the method includes: the server receives the working public key certificate, and the server extracts the public key in the working public key certificate, and the server uses the public The key decrypts the first authentication data, and obtains the plaintext of the data to be authenticated in the first authentication data, and compares whether the plaintext of the data to be authenticated in the first authentication data is consistent with the data to be authenticated. If the agreement is the same, the authentication is passed; the terminal is configured to: identify the second authentication data. And the terminal receives the working public key certificate, the terminal extracts the public key in the working public key certificate, and the terminal decrypts the second authentication data by using the public key to obtain the second authentication data. Whether the plaintext of the data to be authenticated and the data to be authenticated in the second authentication data are consistent with each other, and if the data is consistent, the authentication is passed.
  • the terminal state includes a usage state and a debug state, and the terminal does not save the application and the key in the usage state and the debug state; the terminal switches from the usage state to the debug state, and the terminal clears the key of the terminal in the usage state.
  • the terminal switches from the debug state to the use state, and the terminal clears the application and the key of the terminal in the debug state.
  • first to-be-certified data is a random number
  • second to-be-certified data is a combination of a terminal board serial number and a random number
  • the beneficial effects of the present invention are: the application developer obtains the work public key certificate and the work private key of the U-KEY through the state transition tool, and when the state transition tool obtains the authentication of the server and the terminal, the state transition tool can be directly used. To switch the state of the terminal; and the state conversion tool used by the application developer stores the work public key certificate and the corresponding private key signature of the terminal root public key certificate, so as to ensure that the application developer has the right to download the program to the terminal. To avoid illegal conversion of terminal status.
  • FIG. 1 is a block diagram of a trusted terminal state transition system of the present invention
  • FIG. 2 is a flow chart of a method for converting a terminal state of a credit according to the present invention.
  • the U-KEY is inserted in the state transition tool.
  • the state transition tool is a PC, where the U-KEY stores the work public key subordinate to the terminal root public key certificate. The certificate and the work private key.
  • the state transition tool is installed with interactive software, so that the state transition tool can obtain the work public key certificate and the work private key from the U-KEY.
  • Step S201 The state transition tool obtains the first data to be authenticated from the server.
  • the server generates the first data to be authenticated.
  • the first data to be authenticated is a 16-byte random number, and the state transition tool goes to the slave service.
  • the terminal obtains the first data to be authenticated, and after obtaining the state, the state conversion tool sends the first data to be authenticated to the state conversion tool.
  • the first to-be-authenticated data may also be a random number of other bytes, which may be a combination of 32-byte letters, numbers, special symbols, etc., in this embodiment, by generating 16-byte random each time. The number ensures that the random number generated each time is different.
  • step S202 the state transition tool generates the first authentication data by using the U-KEY; after the state transition tool receives the first data to be authenticated, the state transition tool uses the work private key stored in the U-KEY to pair the first data to be authenticated. Encryption is performed, and the first authentication data is generated after encryption. The first authentication data is ensured by encrypting the first data to be authenticated by using the work private key stored in the U-KEY. In the process of data transmission, it will not be intercepted by other illegal U-KEYs, and it will pretend to be a genuine U-KEY, which will cause security problems.
  • the step S203 the state conversion tool sends the first authentication data and the working public key certificate to the server for authentication; the authentication here means that the server decrypts the received first authentication data.
  • the authentication means that the server decrypts the received first authentication data.
  • the work public key certificate sent here contains a public key that can decrypt the first authentication data, so that the public key can be extracted after the server receives the message, and then the first authentication data is decrypted.
  • the first data to be authenticated is: D1, which is encrypted by using the private key S to generate the first authentication data: D2, the public key corresponding to the private key S is G, and the state conversion tool sends the certificate of D2 and G to the certificate.
  • the server extracts G from the certificate, and then uses G to decrypt D2 and obtain D1.
  • Step S204 The state transition tool acquires the second data to be authenticated from the terminal. Similarly, the terminal generates the second data to be authenticated.
  • the second data to be authenticated is a combination of the serial number of the terminal motherboard and the random number. The motherboard serial number is unique and can uniquely identify a terminal. After the terminal generates the second to-be-certified data, the state transition tool obtains the second to-be-certified data.
  • step S205 the state transition tool generates the second authentication data using the U-KEY; the state transition tool encrypts the second data to be authenticated using the working private key in the U-KEY to generate the second authentication data.
  • the step S206 the state conversion tool sends the second authentication data and the working public key certificate to the terminal for authentication; the authentication here refers to the terminal decrypting the received second authentication data to obtain the plaintext. Whether the comparison plaintext is the same as the second to-be-certified data of the terminal. If the same, the U-KEY passes the authentication of the terminal, and the terminal is recognized, and the U-KEY obtains the information that can be obtained from the terminal and sends the information to the terminal. permission.
  • the public key certificate contains a public key that can decrypt the second authentication data, so that the public key can be extracted after the server receives the message, and then the second authentication data is decrypted.
  • Step S207 The server verifies the first authentication data authentication and the terminal to the second authentication number authentication; the server receives the working public key certificate, and the server extracts the public key in the working public key certificate, and the server uses the public key.
  • the public key decrypts the first authentication data, and obtains the plaintext of the data to be authenticated in the first authentication data, and compares the plaintext of the data to be authenticated in the first authentication data with the first data to be authenticated. Whether it is consistent, if it is consistent, the certification is passed.
  • the terminal Receiving, by the terminal, the working public key certificate, the terminal extracting the public key in the working public key certificate, the terminal decrypting the second authentication data by using the public key, and acquiring the data to be authenticated in the second authentication data
  • the plaintext compares whether the plaintext of the data to be authenticated in the second authentication data is consistent with the data to be authenticated, and if yes, the authentication passes.
  • the server Through the authentication of the U-KEY by the server and the authentication of the U-KEY by the terminal, when both are authenticated, it means that the legality of the U-KEY is recognized by the server and the terminal, then we will
  • the holder of the U-KEY is allowed to obtain the data to be authenticated from the terminal by using the state transition tool, and the data is sent to the server, and the server encrypts the authentication data by using the authentication private key, generates authentication data, and sends the authentication data to the terminal through the state conversion tool.
  • the terminal authenticates it. If the authentication passes, it means that the server also passes the terminal's approval. Then the holder of the U-KEY approved by the server has the authority to use the state transition tool to legalize the state of the terminal.
  • step S208 the state transition tool sends the state to be converted to the terminal, and the terminal switches the state.
  • the state transition tool obtains the terminal information and the data to be authenticated from the terminal, where the terminal information refers to the terminal serial number, and the data to be authenticated is the serial number of the motherboard and the random number, wherein the serial number of the motherboard of each terminal is unique, in this implementation
  • the random number is a 16-byte random number. In other embodiments, the random number may be a letter or a character of other digits.
  • the uniqueness of the data to be authenticated is ensured by using a combination of the motherboard serial number and the random number having the uniquely identified terminal.
  • the state transition tool sends this data to the server.
  • the server authenticates the terminal information and generates authentication data. After the server obtains the terminal information, it determines the legality of the terminal information, and determines that it is legal. The server then uses the authentication private key to encrypt the authentication data. Authenticate data and send the authentication data to the state transition tool.
  • the server judges the terminal information, it not only judges its legitimacy, but also according to The terminal information encrypts the authentication data using a private key corresponding to the terminal.
  • the terminal information encrypts the authentication data using a private key corresponding to the terminal.
  • the public key used by each terminal is the same for convenience and versatility, so the server only needs to judge the legitimacy of the terminal information, and the server uses the universal private key. Encrypt the authentication data.
  • the state conversion tool sends the authentication data to the terminal, and the terminal decrypts the authentication data by using the public key. Because the server uses the private key corresponding to the terminal to encrypt the authentication data, the terminal can decrypt successfully, and after the decryption succeeds, It is judged whether the serial number of the motherboard in the decrypted data is the serial number of the motherboard of the terminal, and if yes, the authentication is passed. After the authentication is passed, the state transition tool sends the state to be converted to the terminal, and the terminal switches to the corresponding state. In this embodiment, in order to ensure security, after the terminal transitions from the debug state to the use state, the application and the key on the device are all cleared; similarly, the terminal is dense from the use state to the debug state. The keys will also be cleared completely.
  • the terminal transitions from the usage state to the debug state, security is ensured in order to prevent the user from entering a personal PIN on it.
  • the interface of the debug state is obviously different from the state of use.
  • a warning box or a watermark pops up every few seconds to prompt the user that the terminal is in the debug state, so that the user does not input the personal PIN on the terminal.
  • a scheme of a trusted terminal state transition system of the present invention is as follows:
  • the system includes a server 10, a terminal 20, and a state transition tool 30.
  • the U-KEY 40 is inserted in the state transition tool 30.
  • the state transition tool 30 is a PC, and the terminal root is stored in the U-KEY 40.
  • the public key certificate 401 and the work private key 402 of the key certificate are installed.
  • the state transition tool 30 is installed with interactive software, so that the state transition tool has a U-KEY interaction module 303.
  • the state transition tool 30 further includes: a server authentication module 301 and a terminal authentication module 302.
  • the terminal authentication module 302 is mainly used to obtain information from the terminal 20 and send information to the terminal 20.
  • the server authentication module 301 is mainly used to Information is obtained from the server 10 and sent to the server 10.
  • the server authentication module 301 is configured to: obtain the first data to be authenticated from the server 10; first, the server 10 generates the first data to be authenticated by itself.
  • the first data to be authenticated is a 16-byte random number, and the server authenticates.
  • the module 301 then obtains the first data to be authenticated from the server 10, and after obtaining the data, the server authentication module 301 sends the first data to be authenticated to the U-KEY interaction module 303.
  • the U-KEY interaction module 303 is configured to: use the U-KEY 40 to generate the first authentication data; after the U-KEY interaction module 303 receives the first to-be-authenticated data, the U-KEY interaction module 303 uses the working private key stored in the U-KEY 40. 402 encrypts the first to-be-certified data, and generates the first authentication data after encryption.
  • the server authentication module 301 is configured to: send the first authentication data and the working public key certificate 401 to the server 10 for authentication; wherein the working public key certificate 401 sent here can be decrypted.
  • the public key of the authentication data is for facilitating the server 10 to extract the public key after receiving it, and then decrypting the first authentication data.
  • the terminal authentication module 302 is configured to: acquire the second data to be authenticated from the terminal 20; similarly, the terminal 20 generates the second data to be authenticated.
  • the second data to be authenticated is a combination of the terminal serial number and the random number.
  • the serial number of the terminal board on the side is unique and can uniquely identify a terminal.
  • the U-KEY interaction module 303 is configured to: generate the second authentication data by using the U-KEY 40; the U-KEY interaction module 303 encrypts the second to-be-authenticated data by using the working private key in the U-KEY 40 to generate the second authentication data, and generate After the second authentication data.
  • the terminal authentication module 302 is configured to: send the second authentication data and the working public key certificate 401 to the terminal 20 for authentication; wherein the working public key certificate 401 sent here contains a public key that can decrypt the second authentication data, in order to It is convenient for the server 10 to extract the public key after receiving it, and then decrypt the second authentication data.
  • the server 10 passes the first authentication data authentication and the terminal 20 and the second authentication number authentication.
  • the server 10 is further configured to: receive the working public key certificate 401, and the server 10 extracts the working public key certificate 401.
  • the public key the server 10 decrypts the first authentication data by using the public key, and obtains the plaintext of the data to be authenticated in the first authentication data, and compares the plaintext of the data to be authenticated in the first authentication data. Whether it is consistent with the first data to be authenticated, and if the data is consistent, the authentication is passed;
  • the terminal 20 is further configured to: receive the working public key certificate 401, the terminal 20 extracts the public key in the working public key certificate 401, and the terminal 20 decrypts the second authentication data by using the public key to obtain the The plaintext of the data to be authenticated in the second authentication data is compared with whether the plaintext of the data to be authenticated in the second authentication data is consistent with the data to be authenticated.
  • the terminal authentication module 302 is configured to: send a state to be converted to the terminal 20, and the terminal 20 switches states.
  • the terminal authentication module 302 obtains terminal information and data to be authenticated from the terminal 20, where the terminal information refers to a terminal serial number, and the data to be authenticated is a serial number of the motherboard and a random number, wherein the serial number of the motherboard of each terminal 20 is unique.
  • the random number is a 16-byte random number. In other embodiments, the random number may be a letter or a character of other digits.
  • the server authentication module 301 is configured to: send the data to the server 10.
  • the server 10 is configured to: authenticate the terminal information and generate the authentication data; after the server 10 obtains the terminal information, determine the legality of the terminal information, and determine that it is legal, the server 10 treats the authentication private key again.
  • the authentication data is encrypted, the authentication data is generated, and the authentication data is sent to the server authentication module 301.
  • the server 10 judges the terminal information, it not only judges its legality, but also The authentication data is also encrypted using the private key corresponding to the terminal 20 based on the terminal information.
  • the public key used by each terminal 20 is the same for convenience and versatility, so the server 10 only needs to judge the legitimacy of the terminal information, and the server 10 uses the universal The private key encrypts the authentication data.
  • the terminal authentication module 302 is configured to: send the authentication data to the terminal 20.
  • the terminal 20 is further configured to: use the public key to decrypt the authentication data, because the server 10 uses the private key corresponding to the terminal 20 to encrypt the authentication data, so the terminal 20 can decrypt successfully, and after decryption succeeds, the decryption is determined. Whether the serial number of the motherboard in the data is the serial number of the motherboard of the terminal 20, and if so, the authentication is passed.
  • the terminal authentication module 302 is further configured to: send the status to be converted to the terminal 20, and the terminal 20 switches to the corresponding status.
  • the terminal 20 transitions from the debug state to the use state, the application program and the key on the device are all cleared; similarly, the terminal 20 is from the use state to the debug state, on the device. The keys will also be cleared.
  • the terminal 20 transitions from the usage state to the debug state, security is ensured in order to prevent the user from entering a personal PIN thereon.
  • the interface of the debug state is obviously different from the state of use.
  • a warning box or a watermark pops up every few seconds to prompt the user that the terminal is in the debug state, so that the user does not enter the personal PIN on the terminal 20. .
  • the computer device includes but is not limited to: a personal computer, a server, a general purpose computer, a special purpose computer, a network device, an embedded device, a programmable device, a smart mobile terminal, a smart home device, a wearable smart device, a vehicle smart device, and the like;
  • the storage medium includes, but is not limited to, a RAM, a ROM, a magnetic disk, a magnetic tape, an optical disk, a flash memory, a USB flash drive, a mobile hard disk, a memory card, a memory stick, a network server storage, a network cloud storage, and the like.
  • the above embodiments are described with reference to flowcharts and/or block diagrams of methods, apparatus (systems), and computer program products according to the embodiments. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG.
  • the computer program instructions can be provided to a processor of the computer device to generate a machine such that instructions executed by the processor of the computer device are generated for implementation in the stream
  • a device that is a process or a plurality of processes and/or a block diagram of a function specified in a block or blocks.
  • the computer program instructions can also be stored in a computer device readable memory that can direct the computer device to operate in a particular manner, such that instructions stored in the computer device readable memory produce an article of manufacture comprising the instruction device, the instruction device being implemented in the process Figure One or more processes and/or block diagrams of the functions specified in a block or blocks.
  • These computer program instructions can also be loaded onto a computer device such that a series of operational steps are performed on the computer device to produce computer-implemented processing, such that instructions executed on the computer device are provided for implementing one or more processes in the flowchart And/or block diagram of the steps of a function specified in a box or blocks.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

La présente invention concerne un procédé et un système de conversion d'état de terminal pour un octroi de crédit se rapportant au domaine technique des communications. Le procédé de conversion d'état de terminal pour un octroi de crédit consiste en : l'envoi, par un côté serveur, de premières données à authentifier à un outil de conversion d'état ; le chiffrement, par l'outil de conversion d'état, des premières données à authentifier afin de générer des premières données d'authentification ; l'authentification, par le serveur, des premières données d'authentification ; l'envoi, par un terminal, de secondes données à authentifier à l'outil de conversion d'état ; le chiffrement, par l'outil de conversion d'état, des secondes données à authentifier afin de générer des secondes données d'authentification ; et l'authentification, par le terminal, des secondes données d'authentification.
PCT/CN2017/096835 2016-08-18 2017-08-10 Procédé et système de conversion d'état de terminal pour octroi de crédit WO2018033017A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610680420.8 2016-08-18
CN201610680420.8A CN106161036B (zh) 2016-08-18 2016-08-18 一种授信的终端状态转换方法和系统

Publications (1)

Publication Number Publication Date
WO2018033017A1 true WO2018033017A1 (fr) 2018-02-22

Family

ID=57331311

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/096835 WO2018033017A1 (fr) 2016-08-18 2017-08-10 Procédé et système de conversion d'état de terminal pour octroi de crédit

Country Status (2)

Country Link
CN (1) CN106161036B (fr)
WO (1) WO2018033017A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111901117A (zh) * 2019-05-06 2020-11-06 深圳大普微电子科技有限公司 基于jtag接口的安全认证方法及系统
US20230048889A1 (en) * 2020-01-08 2023-02-16 Lenovo (Beijing) Ltd. Method and apparatus for timely scheduling

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106161036B (zh) * 2016-08-18 2019-04-23 福建联迪商用设备有限公司 一种授信的终端状态转换方法和系统
CN113541966A (zh) * 2021-07-23 2021-10-22 湖北亿咖通科技有限公司 权限管理方法、装置、电子设备及存储介质

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040250082A1 (en) * 2003-03-28 2004-12-09 Fujitsu Limited Digital signature generation method, digital signature authentication method, digital signature generation request program and digital signature authentication request program
CN103516524A (zh) * 2013-10-21 2014-01-15 北京旋极信息技术股份有限公司 安全验证方法和系统
CN104581706A (zh) * 2015-01-09 2015-04-29 上海华申智能卡应用系统有限公司 基于非对称加密技术的智能移动终端间的数据安全交互方法
CN105827412A (zh) * 2016-03-14 2016-08-03 中金金融认证中心有限公司 认证方法、服务器及客户端
CN106161036A (zh) * 2016-08-18 2016-11-23 福建联迪商用设备有限公司 一种授信的终端状态转换方法和系统

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9350708B2 (en) * 2010-06-01 2016-05-24 Good Technology Corporation System and method for providing secured access to services
CN102737311B (zh) * 2012-05-11 2016-08-24 福建联迪商用设备有限公司 网络银行安全认证方法和系统
CN102801524B (zh) * 2012-06-13 2015-01-21 天津大学 可信认证体系基础上基于信任理论的可信服务系统
CN103731266B (zh) * 2012-10-12 2017-05-10 北京微智全景信息技术有限公司 一种用于对电子凭证进行认证的方法及系统
CN103490895B (zh) * 2013-09-12 2016-09-14 电小虎能源科技(北京)有限公司 一种应用国密算法的工业控制身份认证方法及装置

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040250082A1 (en) * 2003-03-28 2004-12-09 Fujitsu Limited Digital signature generation method, digital signature authentication method, digital signature generation request program and digital signature authentication request program
CN103516524A (zh) * 2013-10-21 2014-01-15 北京旋极信息技术股份有限公司 安全验证方法和系统
CN104581706A (zh) * 2015-01-09 2015-04-29 上海华申智能卡应用系统有限公司 基于非对称加密技术的智能移动终端间的数据安全交互方法
CN105827412A (zh) * 2016-03-14 2016-08-03 中金金融认证中心有限公司 认证方法、服务器及客户端
CN106161036A (zh) * 2016-08-18 2016-11-23 福建联迪商用设备有限公司 一种授信的终端状态转换方法和系统

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111901117A (zh) * 2019-05-06 2020-11-06 深圳大普微电子科技有限公司 基于jtag接口的安全认证方法及系统
US20230048889A1 (en) * 2020-01-08 2023-02-16 Lenovo (Beijing) Ltd. Method and apparatus for timely scheduling

Also Published As

Publication number Publication date
CN106161036A (zh) 2016-11-23
CN106161036B (zh) 2019-04-23

Similar Documents

Publication Publication Date Title
TWI809292B (zh) 資料的加解密方法、裝置、存儲介質及加密文件
CN110401615B (zh) 一种身份认证方法、装置、设备、系统及可读存储介质
CN1960363B (zh) 一种利用网络实现信息安全设备远程更新的方法
CN107743067B (zh) 数字证书的颁发方法、系统、终端以及存储介质
CN110189442A (zh) 认证方法及装置
WO2018040880A1 (fr) Procédé et système permettant d'accorder une autorisation d'acquisition d'un journal d'informations d'alarme d'attaque de terminal
CN107733636B (zh) 认证方法以及认证系统
EP3001598A1 (fr) Procédé et système pour sauvegarder une clé privée dans un jeton de signature électronique
US20190140834A1 (en) Advanced Crypto Token Authentication
WO2018033017A1 (fr) Procédé et système de conversion d'état de terminal pour octroi de crédit
WO2016054905A1 (fr) Procédé de traitement de données
CN111124453B (zh) 一种终端设备固件程序升级方法
CN106797381B (zh) 用于用户认证的通信适配器
CN108462699A (zh) 基于时序加密的二维码生成及验证方法和系统
CN115529591A (zh) 基于令牌的认证方法、装置、设备及存储介质
CN108768941B (zh) 一种远程解锁安全设备的方法及装置
WO2018033016A1 (fr) Procédé et système autorisant la conversion d'un état de terminal
CN114329522A (zh) 一种私钥保护方法、装置、系统及存储介质
CN105873043B (zh) 一种用于移动终端的网络私匙的生成及应用方法及其系统
CN105430022B (zh) 一种数据输入控制方法和终端设备
KR101415786B1 (ko) 온라인 실행 코드 기술과 암호화 기반 불법 복제 방지 시스템 및 그 방법
WO2018040881A1 (fr) Procédé et système d'autorisation de suppression d'alarme anti-attaque pour terminal
CN110968878A (zh) 信息传输方法、系统、电子设备及可读介质
CN108960385A (zh) 基于多重秘钥加密的二维码生成及验证方法和系统
CN110210189B (zh) 软件验证方法、软硬件绑定方法及其可编程器件

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17840991

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17840991

Country of ref document: EP

Kind code of ref document: A1