CN110166252B - Digital certificate unified authentication gateway supporting multiple authentication modes - Google Patents
- Publication number
- CN110166252B (application number CN201910417382.0A)
- Authority
- CN
- China
- Prior art keywords
- authentication
- data
- digital certificate
- module
- unified
- Prior art date
- Legal status
- Active
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L12/00—Data switching networks
        - H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
          - H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
          - H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
- Computer And Data Communications (AREA)
- Mobile Radio Communication Systems (AREA)
- Stored Programmes (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
A digital certificate unified authentication gateway supporting multiple authentication modes relates to the technical field of digital certificate authentication gateways. The invention comprises an information system user, a plurality of PC end/mobile device digital certificate detection plug-ins, a plurality of information systems and a digital certificate unified authentication gateway, connected in sequence; the digital certificate unified authentication gateway comprises a PC end/mobile end digital certificate driver detection plug-in, a unified interface module, a data preprocessing module, a data verification module, an authentication service identification module and N authentication processing modules. According to the invention, the digital certificate driver is automatically identified and loaded at the PC end and the mobile end by the plug-in program, which solves the problem of users having to manually install and uninstall drivers when digital certificate drivers conflict; through the digital certificate unified authentication gateway, a unified digital certificate access service is provided to commercial institutions, which solves the problem of commercial institutions having to maintain several authentication service interfaces simultaneously.
Description
Technical Field
The invention relates to the technical field of digital certificate authentication gateways.
Background
A digital certificate is a signature that an identity authority places on a digital identity card; it provides a way to verify the identity of a communicating entity over the Internet. Digital certificates are issued by an authority, the CA (certificate authority), also called a certification authority or electronic information authentication service organization, and can be used to establish identity on the network.
The current digital certificate authentication process is as follows: the sender sends the signature public key, the digital signature, the signed original text and similar information to the receiver; the receiver forwards the received information to the authentication server of an electronic information authentication organization, the authentication server returns an authentication result to the receiver, and the receiver decides from that result whether the sender's digital certificate is genuine and trustworthy.
According to data from the Ministry of Industry and Information Technology, more than thirty organizations providing electronic information authentication services are distributed across different provinces and fields, such as Shaanxi Province Digital Certificate Authentication Center Co., Ltd., Fujian Province Digital Security Certificate Management Co., Ltd. and Shandong Province Digital Certificate Authentication Management. When a commercial organization develops business involving electronic information authentication services in different provinces, it must integrate its systems with different electronic information authentication service organizations, and the usual approach is to integrate separately with each organization according to the specific business being developed. For example, if a commercial institution develops one information system in Shaanxi and another in Fujian, the system developed in Shaanxi must connect to the digital authentication service system adopted by the Shaanxi provincial government, and the system developed in Fujian must connect to the digital authentication service system adopted by the Fujian provincial government.
The integration approach described above is the one generally adopted at present, but because the authentication flows and the interfaces of the digital authentication service systems differ, an accessing party must maintain the interfaces of several authentication service systems at the same time, and whenever a digital authentication service is added, a new authentication service flow and interface must be added as well, so the development and maintenance workload is large and complex and cannot be managed in a unified way.
Meanwhile, the drivers of digital certificates issued by different electronic information authentication service organizations may come from the same driver developer, so users of information systems often encounter driver loading conflicts when switching between information systems.
Disclosure of Invention
The invention aims to automatically identify and load the digital certificate driver at the PC end and the mobile end through a plug-in program, thereby solving the problem of users having to manually install and uninstall drivers when digital certificate drivers conflict; and, through the digital certificate unified authentication gateway, to provide a unified digital certificate access service to commercial institutions, thereby solving the problem of commercial institutions having to maintain several authentication service interfaces simultaneously.
A digital certificate unified authentication gateway supporting multiple authentication modes comprises an information system user, a plurality of PC end/mobile device digital certificate detection plug-ins, a plurality of information systems and a digital certificate unified authentication gateway, connected in sequence. The digital certificate unified authentication gateway comprises a unified interface module for receiving data from the PC end/mobile device digital certificate detection plug-ins; a data preprocessing module for preprocessing the data of the unified interface module; a data verification module for verifying the data of the data preprocessing module and transmitting the verification result to the unified interface module; an authentication service identification module for performing authentication service identification on the data of the data verification module and transmitting the authentication result to the unified interface module; and N authentication processing modules for transmitting the electronic information authentication service results to the authentication service identification module.
Preferably, the PC end/mobile device digital certificate detection plug-in of the invention is used to detect the digital certificate driver on the PC end/mobile device; correspondence data between digital certificates and drivers, used to identify the digital certificate currently connected to the PC end/mobile device, is built into the plug-in, and the corresponding digital certificate driver is loaded according to the identification result. Meanwhile, when the information system user switches digital certificates, the PC end/mobile device digital certificate detection plug-in automatically discovers the switch by monitoring signals from the PC or mobile device, and loads the corresponding digital certificate driver according to the monitoring result.
Preferably, in the invention, when the information system user accesses an information system that requires digital certificate authentication, the digital certificate is connected to the PC end/mobile device, the plug-in detection program loads the corresponding digital certificate driver and provides the authentication information to be identified to the information system, and the information system sends the authentication information to the digital certificate unified authentication gateway.
Preferably, the external service interface type used by the unified interface module to receive digital certificate verification requests from the information system is a Socket, Http, WebService or other type of interface, the request data form is one or more of Http message, Json data and XML, and the received verification request data is forwarded to the data preprocessing module.
Preferably, the data preprocessing module of the present invention parses the request data received by the unified interface module into the unified data format used inside the system, and sends the parsing result to the data verification module.
Preferably, the data verification module of the present invention performs data format verification on the result data of the data preprocessing module, checking whether the data format is correct and whether the logical relationships between the data items hold; if the data format verification fails, it notifies the unified interface module that the verification result is a failure, and if it succeeds, it sends the data verification result to the authentication service identification module.
Preferably, the authentication service identification module of the present invention extracts the electronic information authentication service code from the data verification result, finds the corresponding authentication processing module from the correspondence data between electronic information authentication service codes and authentication processing modules, and forwards the authentication request information to that authentication processing module.
Preferably, the data authentication processing module of the invention converts the data into a data format recognizable by the electronic information authentication service, forwards the authentication request to the corresponding electronic information authentication service, converts the authentication result received from the electronic information authentication service into the uniform format used in the system, and returns it to the authentication service identification module.
Preferably, the authentication service identification module of the present invention forwards the authentication result to the unified interface module, the unified interface module returns the authentication result to the information system, and the information system notifies the information system user of the authentication result.
The PC end/mobile end driver detection program ensures that an information system user does not have to face driver conflicts when using an information system; when a commercial institution integrates with the electronic information authentication system, it only needs to integrate with the digital certificate unified authentication gateway rather than with each information system; additions to and changes of electronic information authentication systems are made on the digital certificate unified authentication gateway, and the commercial institution does not need to do that part of the work.
The invention discloses a digital certificate unified authentication gateway comprising a PC (personal computer) end/mobile end digital certificate driver detection plug-in, a unified interface module, a data preprocessing module, a data verification module, an authentication service identification module and N authentication processing modules.
The PC end/mobile end digital certificate driver detection plug-in can automatically identify all digital certificate drivers and the currently used digital certificate driver on the PC end/mobile end device, can automatically load and switch digital certificate driver programs, and can exchange data with an information system.
The unified interface module can receive data requests over various protocols, including Http, Socket, WebService, wireless data transmission protocols and the like, and can receive various data formats, including Http messages, Json, Xml and the like; the data may be encrypted or unencrypted.
The authentication service identification module can automatically identify the type of the electronic information authentication service according to the authentication request data.
Drawings
Fig. 1 is a schematic structural view of the present invention.
Detailed Description
The technical scheme of the invention is explained in detail below with reference to the accompanying drawing.
As shown in Fig. 1, a digital certificate unified authentication gateway supporting multiple authentication modes comprises an information system user, a plurality of PC end/mobile device digital certificate detection plug-ins, a plurality of information systems and a digital certificate unified authentication gateway, connected in sequence. The digital certificate unified authentication gateway comprises a unified interface module for receiving data from the PC end/mobile device digital certificate detection plug-ins; a data preprocessing module for preprocessing the data of the unified interface module; a data verification module for verifying the data of the data preprocessing module and transmitting the verification result to the unified interface module; an authentication service identification module for identifying the authentication service for the data of the data verification module and transmitting the authentication result to the unified interface module; and N authentication processing modules for transmitting the electronic information authentication service results to the authentication service identification module.
As shown in Fig. 1, the PC end/mobile device digital certificate detection plug-in of the present invention is used to detect the digital certificate driver on the PC end/mobile device; correspondence data between digital certificates and drivers, used to identify the digital certificate currently connected to the PC end/mobile device, is built into the plug-in, and the corresponding digital certificate driver is loaded according to the identification result. Meanwhile, when the information system user switches digital certificates, the PC end/mobile device digital certificate detection plug-in automatically discovers the switch by monitoring signals from the PC or mobile device, and loads the corresponding digital certificate driver according to the monitoring result.
As shown in Fig. 1, in the present invention, when an information system user accesses an information system that requires digital certificate authentication, the digital certificate is connected to the PC end/mobile device, the plug-in detection program loads the corresponding digital certificate driver and provides the authentication information to be identified to the information system, and the information system sends the authentication information to the digital certificate unified authentication gateway.
As shown in Fig. 1, the external service interface type used by the unified interface module of the present invention to receive digital certificate verification requests from the information system is a Socket, Http, WebService or other type of interface, the request data form is one or more of Http message, Json data and XML, and the received verification request data is forwarded to the data preprocessing module.
As shown in Fig. 1, the data preprocessing module of the present invention parses the request data received by the unified interface module into the unified data format used inside the system, and sends the parsing result to the data verification module.
As shown in Fig. 1, the data verification module of the present invention performs data format verification on the result data of the data preprocessing module, checking whether the data format is correct and whether the logical relationships between the data items hold; if the data format verification fails, it notifies the unified interface module that the verification result is a failure, and if it succeeds, it sends the data verification result to the authentication service identification module.
As shown in Fig. 1, the authentication service identification module of the present invention extracts the electronic information authentication service code from the data verification result, finds the corresponding authentication processing module from the correspondence data between electronic information authentication service codes and authentication processing modules, and forwards the authentication request information to that authentication processing module.
As shown in Fig. 1, the data authentication processing module converts the data into a data format recognizable by the electronic information authentication service, forwards the authentication request to the corresponding electronic information authentication service, converts the authentication result received from the electronic information authentication service into the uniform format used in the system, and returns it to the authentication service identification module.
As shown in Fig. 1, the authentication service identification module of the present invention forwards the authentication result to the unified interface module, the unified interface module returns the authentication result to the information system, and the information system notifies the information system user of the authentication result.
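The request flow described in the Disclosure of Invention and again in the Detailed Description (unified interface, data preprocessing, data verification, authentication service identification, per-service authentication processing module, uniform result) can be modelled end to end in a few dozen lines. The block below is an added example, not code from the patent or its applicant: the internal field names, the service codes `SXCA` and `FJCA`, the two stand-in remote services and their wire formats are all constructed for illustration. It shows the two points a reviewer of such a gateway cares about most: malformed requests are rejected at the verification step before any service is contacted, and a service code with no registered processing module fails closed instead of being treated as a successful authentication.

```python
"""Added example (not the patent's code): a minimal model of the gateway pipeline.
Flow: unified interface -> data preprocessing -> data verification ->
authentication service identification -> per-service processing module -> uniform result.
Field names, service codes and the remote services' wire formats are constructed assumptions."""
import json
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Callable, Dict

REQUIRED_FIELDS = ("service_code", "cert", "signature", "original")  # assumed internal field names


@dataclass(frozen=True)
class AuthRequest:
    """Unified internal request format produced by the data preprocessing module."""
    service_code: str   # electronic information authentication service code
    cert: str           # certificate supplied by the client plug-in (constructed value here)
    signature: str      # digital signature over `original`
    original: str       # signed original text


@dataclass(frozen=True)
class AuthResult:
    """Uniform result format returned to the information system."""
    ok: bool
    service_code: str
    reason: str


def preprocess(body: bytes, content_type: str) -> dict:
    """Data preprocessing module: parse a JSON or XML request into one internal dict."""
    if content_type == "application/json":
        data = json.loads(body)
        if not isinstance(data, dict):
            raise ValueError("JSON body must be an object")
        return data
    if content_type in ("application/xml", "text/xml"):
        return {child.tag: (child.text or "") for child in ET.fromstring(body)}
    raise ValueError(f"unsupported content type: {content_type}")


def verify(data: dict) -> AuthRequest:
    """Data verification module: format check plus the logical relationship between fields."""
    unexpected = set(data) - set(REQUIRED_FIELDS)
    if unexpected:
        raise ValueError(f"unexpected fields: {sorted(unexpected)}")
    missing = [k for k in REQUIRED_FIELDS if not isinstance(data.get(k), str) or not data[k]]
    if missing:  # a signature without its original text (or vice versa) cannot be checked
        raise ValueError(f"missing or empty fields: {missing}")
    if not data["service_code"].isalnum():
        raise ValueError("service code must be alphanumeric")
    return AuthRequest(**{k: data[k] for k in REQUIRED_FIELDS})


# Constructed stand-ins for two remote authentication services with different wire formats.
def remote_service_a(wire: dict) -> dict:
    return {"retCode": 0 if wire["signData"] == "demo-sig-valid" else 1001}


def remote_service_b(wire: bytes) -> str:
    return "SUCCESS" if ET.fromstring(wire).findtext("sig") == "demo-sig-valid" else "SIGNATURE_INVALID"


def module_a(req: AuthRequest) -> AuthResult:
    """Processing module for service A: convert to its JSON-style format, call, convert back."""
    reply = remote_service_a({"certData": req.cert, "signData": req.signature, "plainText": req.original})
    return AuthResult(reply["retCode"] == 0, req.service_code, f"service A retCode={reply['retCode']}")


def module_b(req: AuthRequest) -> AuthResult:
    """Processing module for service B, which speaks XML and returns a status string."""
    root = ET.Element("verify")
    for tag, value in (("cert", req.cert), ("sig", req.signature), ("data", req.original)):
        ET.SubElement(root, tag).text = value
    reply = remote_service_b(ET.tostring(root))
    return AuthResult(reply == "SUCCESS", req.service_code, f"service B status={reply}")


class UnifiedGateway:
    """Unified interface module plus authentication service identification module."""

    def __init__(self) -> None:
        self._modules: Dict[str, Callable[[AuthRequest], AuthResult]] = {}

    def register(self, service_code: str, module: Callable[[AuthRequest], AuthResult]) -> None:
        self._modules[service_code] = module

    def handle(self, body: bytes, content_type: str) -> AuthResult:
        try:
            req = verify(preprocess(body, content_type))
        except (ValueError, ET.ParseError) as exc:  # verification failure goes straight back to the caller
            return AuthResult(False, "", f"verification failed: {exc}")
        module = self._modules.get(req.service_code)
        if module is None:  # fail closed: an unknown service code is never a successful authentication
            return AuthResult(False, req.service_code, "unknown authentication service")
        return module(req)


def build_demo_gateway() -> UnifiedGateway:
    gw = UnifiedGateway()
    gw.register("SXCA", module_a)  # constructed service codes
    gw.register("FJCA", module_b)
    return gw


# Constructed sample requests.
JSON_REQUEST = (b'{"service_code": "SXCA", "cert": "demo-cert", '
                b'"signature": "demo-sig-valid", "original": "login:alice"}')
XML_REQUEST = (b"<request><service_code>FJCA</service_code><cert>demo-cert</cert>"
               b"<signature>demo-sig-valid</signature><original>login:bob</original></request>")
BAD_SIGNATURE_REQUEST = JSON_REQUEST.replace(b"demo-sig-valid", b"tampered")
UNKNOWN_SERVICE_REQUEST = JSON_REQUEST.replace(b"SXCA", b"ZZCA")
MALFORMED_REQUEST = b'{"service_code": "SXCA"}'

if __name__ == "__main__":
    gw = build_demo_gateway()
    for body, ctype in ((JSON_REQUEST, "application/json"), (XML_REQUEST, "application/xml"),
                        (BAD_SIGNATURE_REQUEST, "application/json"),
                        (UNKNOWN_SERVICE_REQUEST, "application/json"),
                        (MALFORMED_REQUEST, "application/json")):
        print(gw.handle(body, ctype))
```

Adding a new electronic information authentication service is a matter of writing one more processing module and registering it under its service code; the information systems calling the gateway keep using the same request and result formats, which is the maintenance saving the patent claims.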
Claims (7)
1. A digital certificate unified authentication gateway supporting multiple authentication modes, characterized by comprising an information system user, a plurality of PC end/mobile device digital certificate detection plug-ins, a plurality of information systems and a digital certificate unified authentication gateway, connected in sequence, wherein the digital certificate unified authentication gateway comprises a unified interface module for receiving data from the PC end/mobile device digital certificate detection plug-ins, a data preprocessing module for preprocessing the data of the unified interface module, a data verification module for verifying the data of the data preprocessing module and transmitting the verification result to the unified interface module, an authentication service identification module for performing authentication service identification on the data of the data verification module and transmitting the authentication result to the unified interface module, and N authentication processing modules for transmitting the electronic information authentication service results to the authentication service identification module;
the PC end/mobile device digital certificate detection plug-in is used to detect the digital certificate driver on the PC end/mobile device, correspondence data between digital certificates and drivers, used to identify the digital certificate currently connected to the PC end/mobile device, is built into the digital certificate detection plug-in, and the corresponding digital certificate driver is loaded according to the identification result; meanwhile, when the information system user switches digital certificates, the PC end/mobile device digital certificate detection plug-in automatically discovers the switch by monitoring signals from the PC or mobile device, and loads the corresponding digital certificate driver according to the monitoring result;
the external service interface type used by the unified interface module to receive digital certificate verification requests from the information system is a Socket interface, an Http interface or a WebService interface, the request data form is one or more of Http message, Json data and XML, and the received verification request data is forwarded to the data preprocessing module.
2. The gateway of claim 1, wherein when a user of the information system accesses an information system requiring digital certificate authentication, the user accesses a digital certificate at the PC or the mobile device, the plug-in detection program loads the corresponding digital certificate driver, provides the authentication information to be identified to the information system, and the information system sends the authentication information to the gateway.
3. The gateway of claim 1, wherein the data preprocessing module parses the request data received by the unified interface module into a unified data format within the system, and sends the parsing result to the data checking module.
4. The gateway of claim 1, wherein the data checking module checks the data format of the result data of the data preprocessing module, checking whether the data format is correct and whether the logical relationships between the data items hold, notifies the unified interface module that the data checking result is a failure if the data format check fails, and sends the data checking result to the authentication service identification module if the data check succeeds.
5. The gateway of claim 1, wherein the authentication service identification module extracts the electronic information authentication service code from the data verification result, finds the corresponding authentication processing module from the relationship data between the electronic information authentication service code and the authentication processing module, and forwards the authentication request message to the corresponding authentication processing module.
6. The gateway of claim 1, wherein the data authentication processing module converts the data into a data format recognizable by the electronic information authentication service, forwards the authentication request to the corresponding electronic information authentication service, converts the authentication result of the received electronic information authentication service into a format unified in the system, and returns the format unified in the system to the authentication service identification module.
7. The gateway of claim 1, wherein the authentication service identification module forwards the authentication result to the unified interface module, the unified interface module returns the authentication result to the information system, and the information system notifies the information system user of the authentication result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910417382.0A CN110166252B (en) | 2019-05-20 | 2019-05-20 | Digital certificate unified authentication gateway supporting multiple authentication modes |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910417382.0A CN110166252B (en) | 2019-05-20 | 2019-05-20 | Digital certificate unified authentication gateway supporting multiple authentication modes |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110166252A CN110166252A (en) | 2019-08-23 |
CN110166252B true CN110166252B (en) | 2022-02-25 |
Family
ID=67631479
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910417382.0A Active CN110166252B (en) | 2019-05-20 | 2019-05-20 | Digital certificate unified authentication gateway supporting multiple authentication modes |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110166252B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114254271B (en) * | 2021-12-17 | 2024-10-01 | 徐工汉云技术股份有限公司 | License control method and system based on service gateway |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1581144A (en) * | 2003-07-31 | 2005-02-16 | 上海市电子商务安全证书管理中心有限公司 | Digital certificate local identification method and system |
CN102231729A (en) * | 2011-05-18 | 2011-11-02 | 浪潮集团山东通用软件有限公司 | Method for supporting various CA (Certification Authority) identity authentications |
CN109561089A (en) * | 2018-11-29 | 2019-04-02 | 郑静 | A kind of medical system digital certificate highly compatible remodeling method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7418597B2 (en) * | 2003-08-15 | 2008-08-26 | Venati, Inc. | Apparatus for accepting certificate requests and submission to multiple certificate authorities |
- 2019-05-20: application CN201910417382.0A (CN) filed; granted as CN110166252B, status Active
Also Published As
Publication number | Publication date |
---|---|
CN110166252A (en) | 2019-08-23 |
Similar Documents
Publication | Title |
---|---|
US12126732B2 (en) | Blockchain consensus method, device and system |
CN102821084B (en) | Method for identifying open platform, open platform and open system |
CN110958119A (en) | Identity verification method and device |
CN113067882A (en) | Message processing method and device, electronic equipment and medium |
US20200233786A1 (en) | Default mock implementations at a server |
CN113055470B (en) | Service request distribution method and system |
CN112714158A (en) | Transaction processing method, relay network, cross-link gateway, system, medium, and device |
CN113014610B (en) | Remote access method, device and system |
CN105516246A (en) | Method for preventing application program downloading hijacking and server |
CN111294347B (en) | Safety management method and system for industrial control equipment |
CN108900562B (en) | Login state sharing method and device, electronic equipment and medium |
CN1601954B (en) | Moving principals across security boundaries without service interruption |
CN111833036B (en) | Method, apparatus, device and computer readable medium for judging repeat transaction |
CN107508746B (en) | Good friend's adding method, device and electronic equipment |
CN112671844A (en) | Registration method and system of equipment |
CN110166252B (en) | Digital certificate unified authentication gateway supporting multiple authentication modes |
Barbosa et al. | An internet of things security system based on grouping of smart cards managed by field programmable gate array |
CN109495468A (en) | Authentication method, device, electronic equipment and storage medium |
CN113590243A (en) | Energy enterprise project creation method and device, computer equipment and medium |
CN101778117B (en) | Network storing and processing method, device and wireless terminal |
CN109492375B (en) | SAP ERP single sign-on system based on JAVA middleware integration mode |
CN112272211A (en) | Service request processing method, device and system |
CN111866767B (en) | Message processing method, device, electronic equipment and readable medium |
CN103326892B (en) | The operating method and device of web interface |
CN114257632B (en) | Method and device for reconnecting broken wire, electronic equipment and readable storage medium |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
TA01 | Transfer of patent application right | Effective date of registration: 20210208. Address after: 210000 room 1003, building 02, No. 300, Zhongshan East Road, Qinhuai District, Nanjing City, Jiangsu Province. Applicant after: Nanjing Yilian sunshine Information Technology Co.,Ltd. Address before: 100071 1503, 15th floor, building 4, yard 9, Guang'an Road, Fengtai District, Beijing. Applicant before: Beijing Huazhao Yilian Information Technology Co.,Ltd. |
GR01 | Patent grant | |