CN100581105C - Digital certificate safety protection method - Google Patents
- Publication number
- CN100581105C
- Authority
- CN
- China
- Prior art keywords
- certificate
- authentication
- client terminal
- module
- memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A method for protecting the security of a digital certificate includes a certificate backup step, which comprises a step of setting up identity verification, and a certificate restoration step, which comprises an identity verification step. The identity verification step can use a question-and-answer mode or a real-time identity verification mode.
Description
Technical field
The present invention relates to a method for protecting network service security, and in particular to a method for the security protection of digital certificates.
Background technology
On the Internet, user identity is identified by means such as user name plus password (ID+Password), digital certificates, and dynamic password cards. For bank users, the information or devices for these identification means are all set up at, and obtained from, the bank counter or the customer manager.
In a system that uses digital certificates to identify users, the first client terminal (computer) must pass a server authentication step, that is, activate and obtain a digital certificate, when it uses the professional version software. When the user uses this professional version software on other client terminals, the digital certificate of the first client terminal must be backed up and then restored into the professional version software on those terminals. The professional version software applies multiple complex encryption transformations to protect local data. For an attacker, stealing the user's digital certificate backup file and its protection password and then performing a certificate recovery operation is much easier than decrypting local data that is distributed in many places and protected by multiple computations.
Summary of the invention
The technical problem to be solved by the invention is to provide a digital certificate security protection method that strengthens the protection of the digital certificate in the digital certificate authentication mode.
The technical solution of the invention is to provide a digital certificate security protection method comprising a certificate backup step and a certificate recovery step. The certificate backup step comprises a step of setting up identity verification, and the certificate recovery step comprises an identity verification step. When an authentication code is used and verification is performed by mobile phone short message, the certificate recovery step comprises the following steps: the security verification module on the server side generates an identity confirmation number; the security verification module on the server side sends the identity confirmation number through the SMS platform to the mobile phone registered by the user, according to the user information stored in the memory; the certificate recovery module of the client terminal receives the authentication code entered through the human-computer interaction interface; and, if verification passes, the certificate recovery module of the client terminal performs certificate recovery.
The step of setting up identity verification comprises the certificate backup module of the client terminal setting questions and answers for identity verification and storing the questions and answers in the memory on the server side. The identity verification step comprises the following steps: the security verification module on the server side selects a question for identity verification stored in the memory; the certificate recovery module of the client terminal answers the verification question through the human-computer interaction interface; the security verification module on the server side verifies the answer by comparing it with the answer stored in the memory; and, if verification passes, the certificate recovery module of the client terminal performs certificate recovery.
In the above digital certificate security protection method, more than 1 question is set in the step of setting up identity verification.
In the above digital certificate security protection method, the step of selecting the identity verification question first selects the question that was most recently answered incorrectly, a question that has never been asked, or the question with the longest time interval.
The invention also provides a digital certificate security protection method comprising a certificate backup step and a certificate recovery step, in which the certificate backup step comprises a step of setting up identity verification and the certificate recovery step comprises an identity verification step. When an authentication code is used and verification is performed by landline telephone, the identity verification step comprises the following steps: the security verification module on the server side generates an identity confirmation number; the security verification module on the server side sends the identity confirmation number, according to the user information stored in the memory, through the registered telephone stored in the memory; the certificate recovery module of the client terminal receives the authentication code entered through the human-computer interaction interface; and, if verification passes, the certificate recovery module of the client terminal performs certificate recovery.
In the above digital certificate security protection method, the identity verification step further comprises a step in which the security verification module on the server side queries the user information stored in the memory to verify the fixed telephone number.
The digital certificate security protection method of the invention can prevent the security risk that arises when a digital certificate is stolen in the digital certificate authentication mode, and improves security during digital certificate recovery.
Description of drawings
Fig. 1 is a system structure diagram for the digital certificate security protection method of the invention.
Fig. 2 is a flow chart of digital certificate backup in the digital certificate security protection method of the invention.
Fig. 3 is a flow chart of digital certificate recovery in the digital certificate security protection method of the invention.
Embodiment
As shown in Fig. 1, the system server 11 is generally located at the remote service end, for example at the bank. It stores system data and provides system services such as security verification. The SMS platform 12 is connected to the system server 11 and can send verification information from the system server 11 to the mobile phone 13. The customer service telephone system 14 is also connected to the system server 11. The user can send a verification request from the landline telephone 15 to the system server 11 via the customer service telephone system 14. After responding to the request, the system server 11 sends the verification information to the user's landline telephone 15 through the customer service telephone system 14. The client terminal 16 provides the user with an operating platform and realizes specific functions by interacting with the server system. There can be several client terminals 16 (only one is shown in Fig. 1).
When the client terminal 16 uses the specific dedicated software for the first time, or when the dedicated software is reinstalled and there is no backup of its digital certificate, an authorization code must be applied for. Once identity has been verified an authorization code is obtained, which completes the certificate application. During this identity verification, a specific mobile phone number or landline telephone number can be registered. The authorization code is then entered at the client terminal 16 to activate the digital certificate.
As shown in Fig. 2, to back up the digital certificate, the user first logs in to the software system of the client terminal 16 (step S21) and, through the human-computer interaction interface 163, directs the client certificate backup module 162 to perform the certificate backup operation (step S22). The client certificate backup module 162 sends the request to the system server 11 through the communication interface 161. The security verification module 112 queries the history of digital certificate backup operations in the memory 111 and determines from the query result whether security settings have already been made (step S23). If security settings have not yet been made, the client certificate backup module 162 of the client terminal 16 prompts, through the human-computer interaction interface 163, for the prompt questions used in security verification to be set (step S24). In this embodiment at least 5 questions are set, to improve security. The security verification module 112 stores the security information that has been set in the memory 111, and stores in the memory a record that security verification has been set for the digital certificate. The client certificate backup module 162 then performs the certificate backup (step S25). If security settings have already been made, the flow proceeds directly to step S25 and the certificate backup is performed. The questions set can be, for example, "the name of a school you once attended" or "the birthday/telephone number of one of your relatives or friends", where the relative or friend can be identified by a single Chinese character. Because the certificate backup step of this embodiment is otherwise the same as a general certificate backup, it is not described further here.
As shown in Fig. 3, to recover the certificate, a certificate recovery command is first sent to the certificate recovery module 163 through the human-computer interaction interface 163 to start certificate recovery (step S311). The certificate recovery module 163 determines whether verification by authentication code has been selected (step S312). If an authentication code is not used, the security verification module 112 of the system server 11 selects one of the questions that were set in the digital certificate backup step and stored in the memory 111, and asks it (step S313). The selection strategy of the security verification module 112 is to select first the question that was most recently answered incorrectly, a question that has never been asked, or a question that was answered correctly and has the longest time interval. The human-computer interaction interface 163 receives the answer that the user enters in response to the prompt (step S314). The security verification module 112 determines from the digital certificate backup data stored in the memory 111 whether verification passes, that is, whether the answer received by the client terminal 16 is the same as the answer given when the question was set (step S318). If verification passes, certificate recovery is performed (step S321); if it does not pass, a recovery failure is reported (step S320).
If verification by authentication code is used, the security verification module 112 generates an identity confirmation number (step S315) and determines from the user's selection whether mobile phone short message verification is to be used (step S316). If mobile phone short message verification is used, the system server 11 sends the identity confirmation number through the SMS platform 12 to the user's registered mobile phone 13, according to the user information stored in the memory 111 (step S317). The client terminal 16 receives the entered authentication code and sends it to the system server 11 over the Internet, and the system server 11 determines whether the client terminal passes verification, that is, whether the authentication code is the same as the verification code it sent (step S318). If verification passes, step S321 is executed; otherwise step S320 is executed.
If SMS verification is not used, the user calls the customer service telephone system 14 from the registered landline telephone 15 and requests identity verification (step S319). The system server 11 sends the authentication code through the customer service telephone system 14, according to the user information stored in the memory 111 (step S317), and the subsequent steps are then carried out in order.
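The question-selection policy and the authentication-code check of the recovery flow described above, as an added Python example that is not part of the patent. The class and method names, the salted PBKDF2 storage of answers, the code lifetime and the attempt limit are assumptions, and the three selection criteria are assumed to apply in the order the text lists them.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

def digest(answer: str, salt: bytes) -> bytes:
    # Assumption: answers are normalized and stored as salted PBKDF2 digests.
    return hashlib.pbkdf2_hmac("sha256", answer.strip().lower().encode(), salt, 100_000)

@dataclass
class Question:
    text: str
    salt: bytes
    answer_digest: bytes
    last_asked: Optional[float] = None   # None: never asked
    last_wrong: bool = False             # most recent answer was wrong

class SecurityVerifier:
    """Hypothetical stand-in for the server-side security verification module."""
    MIN_QUESTIONS = 5   # the embodiment sets at least 5 questions
    CODE_TTL = 300      # assumption: code lifetime in seconds
    MAX_TRIES = 3       # assumption: wrong-code attempts allowed
    def __init__(self):
        self.questions = []
        self._code = None                # [code, expiry, tries_left]

    def enroll(self, qa: dict) -> None:  # backup flow, step S24
        if len(qa) < self.MIN_QUESTIONS:
            raise ValueError("at least 5 questions are required")
        for text, answer in qa.items():
            salt = secrets.token_bytes(16)
            self.questions.append(Question(text, salt, digest(answer, salt)))

    def select_question(self) -> Question:   # recovery flow, step S313
        # Assumed priority: last answered wrong, then never asked, then oldest.
        wrong = [q for q in self.questions if q.last_wrong]
        if wrong:
            return max(wrong, key=lambda q: q.last_asked)
        fresh = [q for q in self.questions if q.last_asked is None]
        if fresh:
            return fresh[0]
        return min(self.questions, key=lambda q: q.last_asked)

    def check_answer(self, q: Question, answer: str, now: float) -> bool:  # S314, S318
        ok = hmac.compare_digest(digest(answer, q.salt), q.answer_digest)
        q.last_asked, q.last_wrong = now, not ok
        return ok

    def issue_code(self, now: float) -> str:   # step S315
        code = f"{secrets.randbelow(10**6):06d}"
        self._code = [code, now + self.CODE_TTL, self.MAX_TRIES]
        return code   # handed to the SMS platform or telephone system (S317)

    def check_code(self, entered: str, now: float) -> bool:   # step S318
        if self._code is None:
            return False
        code, expiry, tries = self._code
        ok = now <= expiry and hmac.compare_digest(entered.encode(), code.encode())
        if ok or tries <= 1 or now > expiry:
            self._code = None            # single use; burn on expiry or lockout
        else:
            self._code[2] = tries - 1
        return ok
```

The caller passes `now` explicitly so that expiry and question ordering can be exercised deterministically; a deployment would pass the server clock.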
Claims (8)
1. A digital certificate security protection method, comprising a certificate backup step and a certificate recovery step, wherein the certificate backup step comprises a step of setting up identity verification, the step of setting up identity verification comprises the certificate backup module of the client terminal setting questions and answers for identity verification and storing the questions and answers in the memory on the server side, and the certificate recovery step comprises an identity verification step, characterized in that, when an authentication code is used and verification is performed by mobile phone short message, the identity verification step comprises the following steps:
The security verification module on the server side generates an authentication code;
The security verification module on the server side sends the authentication code through the SMS platform to the mobile phone registered by the user, according to the user information stored in the memory;
The certificate recovery module of the client terminal receives the authentication code entered through the human-computer interaction interface;
If verification passes, the certificate recovery module of the client terminal performs certificate recovery.
2. The digital certificate security protection method according to claim 1, characterized in that more than 1 question is set in the step of setting up identity verification.
3. A digital certificate security protection method, comprising a certificate backup step and a certificate recovery step, wherein the certificate backup step comprises a step of setting up identity verification, the step of setting up identity verification comprises the certificate backup module of the client terminal setting questions and answers for identity verification and storing the questions and answers in the memory on the server side, and the certificate recovery step comprises an identity verification step, characterized in that, when verification is performed without an authentication code, the identity verification step comprises the following steps:
The security verification module on the server side selects a question for identity verification stored in the memory;
The certificate recovery module of the client terminal answers the verification question through the human-computer interaction interface;
The security verification module on the server side verifies the answer to the verification question by comparing it with the answer stored in the memory;
If verification passes, the certificate recovery module of the client terminal performs certificate recovery.
4. The digital certificate security protection method according to claim 3, characterized in that the step of selecting the identity verification question first selects the question that was most recently answered incorrectly, a question that has never been asked, or the question with the longest time interval.
5. The digital certificate security protection method according to claim 3 or 4, characterized in that more than 1 question is set in the step of setting up identity verification.
6. A digital certificate security protection method, comprising a certificate backup step and a certificate recovery step, wherein the certificate backup step comprises a step of setting up identity verification, the step of setting up identity verification comprises the certificate backup module of the client terminal setting questions and answers for identity verification and storing the questions and answers in the memory on the server side, and the certificate recovery step comprises an identity verification step, characterized in that, when an authentication code is used and verification is performed by landline telephone, the identity verification step comprises the following steps:
The security verification module on the server side generates an authentication code;
The security verification module on the server side sends the authentication code, according to the user information stored in the memory, through the registered telephone stored in the memory;
The certificate recovery module of the client terminal receives the authentication code entered through the human-computer interaction interface;
If verification passes, the certificate recovery module of the client terminal performs certificate recovery.
7. The digital certificate security protection method according to claim 6, characterized in that the identity verification step further comprises a step in which the security verification module on the server side queries the user information stored in the memory to verify the fixed telephone number.
8. The digital certificate security protection method according to claim 6 or 7, characterized in that more than 1 question is set in the step of setting up identity verification.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200410050847A CN100581105C (en) | 2004-07-23 | 2004-07-23 | Digital certificate safety protection method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1725684A CN1725684A (en) | 2006-01-25 |
CN100581105C true CN100581105C (en) | 2010-01-13 |
Family
ID=35924938
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100581105C (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100446017C (en) * | 2006-06-13 | 2008-12-24 | 华为技术有限公司 | Method and system for backuping and storing numeric copyright |
GB2521802B (en) | 2012-10-30 | 2015-10-14 | Ibm | Reissue of crypographic credentials |
CN104348822B (en) * | 2013-08-09 | 2019-01-29 | 深圳市腾讯计算机系统有限公司 | A kind of method, apparatus and server of internet account number authentication |
CN104901925A (en) * | 2014-03-05 | 2015-09-09 | 中国移动通信集团北京有限公司 | End-user identity authentication method, device and system and terminal device |
CN104580264B (en) * | 2015-02-13 | 2019-04-26 | 人民网股份有限公司 | Login method, entering device and login and Accreditation System |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2591968C (en) | Authentication device and/or method | |
CN108989346B (en) | Third-party valid identity escrow agile authentication access method based on account hiding | |
CN1251549C (en) | Method for enabling PKI functionsin a smart card | |
CN1921390B (en) | User identification identifying method and system | |
CN104038924B (en) | Realize the method and system of Resource Exchange information processing | |
US6990586B1 (en) | Secure data transmission from unsecured input environments | |
CN101163014A (en) | Dynamic password identification authenticating system and method | |
JPH03179863A (en) | Method and equipment for automatic transaction | |
CN103368928A (en) | System and method for resetting account password | |
CN101616416B (en) | Method and equipment for authenticating smart card of communication terminal | |
CN101399659B (en) | Cipher key authentication method and device between user identification module and terminal | |
CN103167449B (en) | For communication terminal local machine arranges the method and system of call forwarding | |
CN100413368C (en) | A method for verifying user card validity | |
CN100581105C (en) | Digital certificate safety protection method | |
CN101820593A (en) | Intelligent SIM card and method for realizing transmission and processing of data short message through same | |
CN1980459B (en) | Method for realizing information destroying at network side | |
CN107294981B (en) | Authentication method and equipment | |
CN100429957C (en) | Indentifying method for telecommunication smart card and terminal | |
CN101272248A (en) | Dynamic cipher authentication system | |
CN110516427A (en) | Auth method, device, storage medium and the computer equipment of terminal user | |
CN101394278A (en) | Plus and difference dynamic cipher bidirectional authentication method and dynamic cipher card | |
CN116074833A (en) | Method and device for judging short message verification code | |
CN100459787C (en) | Method for protecting user card | |
CN105095704A (en) | Identity recognition method based on multiple dynamic authentication | |
CN114553573A (en) | Identity authentication method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CX01 | Expiry of patent term | ||
CX01 | Expiry of patent term |
Granted publication date: 20100113 |