CN110365486A - Certificate application method, apparatus and device - Google Patents
- Publication number: CN110365486A
- Application number: CN201910575537.3A
- Authority: CN (China)
- Prior art keywords: encrypted, certificate, request, terminal, public key
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The application discloses a certificate application method, apparatus and device. A terminal uses the public key of the anonymous certificate issuing system PCA to encrypt a certificate application request that carries an encryption public key, obtaining an encrypted certificate application request; the encryption public key is generated by the terminal. The terminal sends the encrypted certificate application request to the access verification system RA, which sends it on to the PCA, so that the PCA decrypts the encrypted certificate application request, obtains the encryption public key, uses the encryption public key to encrypt the anonymous certificate generated for the terminal, and sends the anonymous certificate to the RA. The terminal receives the anonymous certificate sent via the RA. The application ensures that the terminal's encryption public key is not leaked during the certificate application or on the certificate authority side, which in turn protects the certificate encrypted with that encryption public key and, ultimately, the information security of the terminal that communicates using the certificate.
Description
Technical field
The present application relates to the field of data processing, and in particular to a certificate application method, apparatus and device.
Background
In the field of information security, before terminals communicate with one another they must apply for a certificate from the authority responsible for issuing and managing digital certificates, namely the certificate authority (Certificate Authority; CA).
Certificates are generally divided into explicit certificates and implicit certificates. Explicit certificates are currently in widespread use in many fields in China. Compared with an implicit certificate, however, the drawback of an explicit certificate is that during certificate application the public key information is explicit and stays constant; if the public key information leaks, related information about the corresponding terminal leaks with it, which seriously threatens the terminal's information security.
Therefore, for explicit certificates, how to ensure information security during certificate application is a problem that urgently needs to be solved.
Summary of the invention
In view of this, the present application provides a certificate application method, apparatus and device that ensure, as far as possible, information security during certificate application.
In a first aspect, to achieve the above object, the present application provides a certificate application method, applied to a terminal, the method comprising:
Using the public key of the anonymous certificate issuing system PCA to encrypt a certificate application request carrying an encryption public key, obtaining an encrypted certificate application request; wherein the encryption public key is generated by the terminal;
Sending the encrypted certificate application request to the access verification system RA, which sends it on to the PCA, so that the PCA decrypts the encrypted certificate application request, obtains the encryption public key, uses the encryption public key to encrypt the anonymous certificate generated for the terminal, and then sends the anonymous certificate to the RA;
Receiving the anonymous certificate sent via the RA.
In an optional embodiment, before using the public key of the anonymous certificate issuing system PCA to encrypt the certificate application request carrying the encryption public key to obtain the encrypted certificate application request, the method further comprises:
Encrypting the encryption public key generated by the terminal with the public key of the PCA, obtaining a public key ciphertext;
Correspondingly, using the public key of the anonymous certificate issuing system PCA to encrypt the certificate application request carrying the encryption public key, obtaining the encrypted certificate application request, is specifically:
Encrypting the certificate application request carrying the public key ciphertext with the public key of the PCA, obtaining the encrypted certificate application request.
In a second aspect, the present application further provides a certificate application method, applied to the anonymous certificate issuing system PCA, the method comprising:
The PCA receives an encrypted certificate application request from a terminal, forwarded via the access verification system RA; wherein the encrypted certificate application request carries the encryption public key generated by the terminal and is obtained by encrypting with the public key of the PCA;
The PCA decrypts the encrypted certificate application request to obtain the encryption public key, uses the encryption public key to encrypt the anonymous certificate generated for the terminal, and then sends the anonymous certificate to the RA, so that the RA forwards the anonymous certificate to the terminal.
In an optional embodiment, after the anonymous certificate is generated for the terminal, the method further comprises:
After sending a time-validity application request for the anonymous certificate to the time management system, the PCA receives a time-validity authorization response for the anonymous certificate from the time management system;
Correspondingly, before the anonymous certificate is sent to the RA, the method further comprises:
After encrypting the anonymous certificate with the public key of the time management system, the PCA proceeds with the step of sending the anonymous certificate to the RA and having the RA forward it to the terminal, so that the terminal, upon receiving the private key sent by the time management system when the start time point of the time-validity period is reached, decrypts the anonymous certificate with that private key.
In a third aspect, the present application further provides a certificate application method, applied to the access verification system RA, the method comprising:
After receiving a predetermined number of encrypted certificate application requests, the RA performs obfuscation processing on the predetermined number of encrypted certificate application requests and sends the obfuscated encrypted certificate application requests to the anonymous certificate issuing system PCA;
After receiving the anonymous certificates from the PCA, the RA performs de-obfuscation processing on the anonymous certificates and sends each de-obfuscated anonymous certificate to its corresponding terminal.
In a fourth aspect, the present application further provides a certificate application method, applied to the time management system, the method comprising:
After receiving a time-validity application request for an anonymous certificate from the anonymous certificate issuing system PCA, the time management system returns to the PCA a time-validity authorization response carrying its own public key, so that the PCA encrypts the anonymous certificate with the public key of the time management system and then sends the anonymous certificate to the terminal;
When the start time point of the time-validity period is reached, the time management system sends the private key to the terminal, so that the terminal decrypts the anonymous certificate with the private key.
In a fifth aspect, the present application further provides a certificate application system, the system comprising a terminal, an access verification system RA and an anonymous certificate issuing system PCA;
The terminal is configured to use the public key of the PCA to encrypt a certificate application request carrying an encryption public key, obtaining an encrypted certificate application request, and to send the encrypted certificate application request to the RA; wherein the encryption public key is generated by the terminal;
The RA is configured to verify the encrypted certificate application request and then forward it to the PCA;
The PCA is configured to decrypt the encrypted certificate application request to obtain the encryption public key, use the encryption public key to encrypt the anonymous certificate generated for the terminal, and send the anonymous certificate to the RA, which forwards the anonymous certificate to the terminal.
In an optional embodiment, the system further comprises a time management system;
The time management system is configured to return to the PCA, after receiving the time-validity application request for the anonymous certificate sent by the PCA, a time-validity authorization response carrying its own public key; and to send the private key to the terminal when the start time point of the time-validity period is reached, so that the terminal decrypts the anonymous certificate with the private key;
Correspondingly, the PCA is further configured to encrypt the anonymous certificate with the public key of the time management system and then send the anonymous certificate to the terminal.
In an optional embodiment, the RA is further configured to perform obfuscation processing on a predetermined number of encrypted certificate application requests after receiving them, and to send the obfuscated encrypted certificate application requests to the anonymous certificate issuing system PCA; and, after receiving the anonymous certificates from the PCA, to perform de-obfuscation processing on the anonymous certificates and send each de-obfuscated anonymous certificate to its corresponding terminal.
In a sixth aspect, the present application further provides a certificate application apparatus, applied to a terminal, the apparatus comprising:
A first encryption module, configured to use the public key of the anonymous certificate issuing system PCA to encrypt a certificate application request carrying an encryption public key, obtaining an encrypted certificate application request; wherein the encryption public key is generated by the terminal;
A first sending module, configured to send the encrypted certificate application request to the access verification system RA, which sends it on to the PCA, so that the PCA decrypts the encrypted certificate application request, obtains the encryption public key, uses the encryption public key to encrypt the anonymous certificate generated for the terminal, and then sends the anonymous certificate to the RA;
A first receiving module, configured to receive the anonymous certificate sent via the RA.
In a seventh aspect, the present application further provides a certificate application apparatus, applied to the anonymous certificate issuing system PCA, the apparatus comprising:
A second receiving module, configured to receive an encrypted certificate application request from a terminal, forwarded via the access verification system RA; wherein the encrypted certificate application request carries the encryption public key generated by the terminal and is obtained by encrypting with the public key of the PCA;
A decryption module, configured to decrypt the encrypted certificate application request to obtain the encryption public key;
A second encryption module, configured to use the encryption public key to encrypt the anonymous certificate generated for the terminal and then send the anonymous certificate to the RA, so that the RA forwards the anonymous certificate to the terminal.
In an eighth aspect, the present application further provides a certificate application apparatus, applied to the access verification system RA, the apparatus comprising:
An obfuscation module, configured to perform obfuscation processing on a predetermined number of encrypted certificate application requests after receiving them, and to send the obfuscated encrypted certificate application requests to the anonymous certificate issuing system PCA;
A de-obfuscation module, configured to perform de-obfuscation processing on the anonymous certificates after receiving them from the PCA, and to send each de-obfuscated anonymous certificate to its corresponding terminal.
In a ninth aspect, the present application further provides a certificate application apparatus, applied to the time management system, the apparatus comprising:
A third receiving module, configured to return to the PCA, after receiving a time-validity application request for an anonymous certificate from the anonymous certificate issuing system PCA, a time-validity authorization response carrying the time management system's own public key, so that the PCA encrypts the anonymous certificate with the public key of the time management system and then sends the anonymous certificate to the terminal;
A second sending module, configured to send the private key to the terminal when the start time point of the time-validity period is reached, so that the terminal decrypts the anonymous certificate with the private key.
In a tenth aspect, the present application further provides a computer-readable storage medium storing instructions which, when run on a terminal device, cause the terminal device to execute the method according to any one of the above.
In an eleventh aspect, the present application further provides a certificate application device, comprising: a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor, when executing the computer program, implements the method according to any one of the above.
In the certificate application method provided by the present application, before the terminal sends the certificate application request to the PCA, it first encrypts the certificate application request carrying the encryption public key with the public key of the PCA. This ensures that the terminal's encryption public key is not leaked during the certificate application or on the certificate authority side, which in turn protects the certificate encrypted with that encryption public key and, ultimately, the information security of the terminal that communicates using the certificate.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present application more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is an architecture diagram of a certificate application system provided by an embodiment of the present application;
Fig. 2 is an architecture diagram of another certificate application system provided by an embodiment of the present application;
Fig. 3 is a flow chart of a certificate application method provided by an embodiment of the present application;
Fig. 4 is an information interaction diagram of a certificate application method applied to the Internet of Vehicles field, provided by an embodiment of the present application;
Fig. 5 is a structural schematic diagram of a certificate application apparatus provided by an embodiment of the present application;
Fig. 6 is a structural schematic diagram of another certificate application apparatus provided by an embodiment of the present application;
Fig. 7 is a structural schematic diagram of another certificate application apparatus provided by an embodiment of the present application;
Fig. 8 is a structural schematic diagram of another certificate application apparatus provided by an embodiment of the present application;
Fig. 9 is a structure diagram of a certificate application device provided by an embodiment of the present application.
Detailed description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in the present application without creative effort fall within the protection scope of the present application.
In the field of information security, information leakage currently occurs during certificate application and threatens the information security of the terminal that needs to apply for a certificate. To avoid information leakage during certificate application, ensure information security during certificate application and, ultimately, ensure the information security of the terminal, the present application provides a certificate application method, apparatus and device. Specifically, before the terminal sends the certificate application request to the PCA, it first encrypts the certificate application request carrying the encryption public key with the public key of the PCA. This ensures that the terminal's encryption public key is not leaked during the certificate application or on the certificate authority side, which in turn protects the certificate encrypted with that encryption public key and, ultimately, the information security of the terminal that communicates using the certificate.
Before the specific technical solution is described, the following concepts are briefly introduced to make the technical solution easier to understand.
The root CA (also called RootCA or RCA) held by the certificate authority (Certificate Authority; CA) is the manager of all CAs and the centre of the trust system. It issues subordinate CA certificates in a hierarchical manner. The root CA must be run and operated in an isolated, secure environment with its server confirmed to be offline, to protect it from attack over the Internet.
The access verification system (Registration Authority; RA) verifies access certificates; a request is executed only once its access certificate has been determined to be valid. The RA mainly handles anonymous certificate requests from terminal devices, provides anonymous certificate download for devices, performs the obfuscation calculation on certificate applications, communicates with device terminals and obtains communication information, requests anonymous certificates from the anonymous certificate issuing system PCA, and so on.
The anonymous certificate issuing system (PseudonymCA; PCA) issues short-term anonymous certificates to terminal devices, so that terminal devices can exchange information reliably with one another by means of anonymous certificates.
In addition, before the specific technical solution is described, the system architecture to which the certificate application method provided by the present application applies is introduced. Referring to Fig. 1, an architecture diagram of a certificate application system provided by an embodiment of the present application, the certificate application system 100 comprises a terminal 101, an access verification system RA 102 and an anonymous certificate issuing system PCA 103.
The terminal 101 is configured to use the public key of the PCA 103 to encrypt a certificate application request carrying an encryption public key, obtaining an encrypted certificate application request, and to send the encrypted certificate application request to the RA 102.
The terminal in the embodiments of the present application can be a terminal in any field that needs anonymous secure communication, for example an Internet of Vehicles terminal in the LTE-V2X (Vehicle-To-Everything) Internet of Vehicles security field.
In practice, before applying for a certificate the terminal first generates a certificate application request, which may include the type of certificate applied for, the validity period and so on. Specifically, the certificate type can indicate that the certificate to be applied for is an anonymous certificate, and the validity period is the validity period of the certificate.
In addition, to ensure the information security of the certificate issued by the certificate authority, the certificate needs to be encrypted with the terminal's encryption public key. The terminal therefore carries the encryption public key in the certificate application request, so that the certificate authority can obtain the encryption public key and use it to encrypt the certificate issued to the terminal. However, if the encryption public key leaks while the certificate application request is transmitted in plaintext, the certificate later encrypted with that encryption public key may be exposed to a security threat. The embodiments of the present application therefore need to ensure the security of the encryption public key.
In one embodiment, the terminal uses the public key of the anonymous certificate issuing system PCA to encrypt the certificate application request carrying the encryption public key, obtaining an encrypted certificate application request. Because an encrypted certificate application request obtained by encrypting with the PCA's public key can only be decrypted with the PCA's private key, the terminal's encryption public key carried in the request is not leaked while the encrypted certificate application request is in transit, which ensures the information security of the encryption public key.
In another embodiment, to further ensure the information security of the encryption public key, before encrypting the certificate application request the terminal first uses the public key of the PCA to encrypt its encryption public key once, obtaining a public key ciphertext; it then encrypts the certificate application request carrying the public key ciphertext a second time, obtaining the encrypted certificate application request. By encrypting twice, this embodiment further protects the information security of the encryption public key.
Note that the public key of the PCA is usually written into the terminal during production, so in the embodiments of the present application the terminal can encrypt directly with the PCA public key that has already been written.
In an optional embodiment, the terminal comprises a security chip and a security terminal: the security chip generates the terminal's encryption public key, and the security terminal generates the certificate application request. Taking an Internet of Vehicles terminal as an example, the terminal comprises a security chip and a V2X security terminal. After the security chip generates the encryption public key, it can encrypt the encryption public key with the public key of the PCA to obtain the public key ciphertext and output the public key ciphertext to the V2X security terminal. The V2X security terminal then generates the certificate application request carrying the public key ciphertext and encrypts the certificate application request again with the public key of the PCA, finally obtaining the encrypted certificate application request.
In practice, after obtaining the encrypted certificate application request, the terminal sends it to the RA, and the RA subsequently forwards it to the PCA to complete the certificate application. In general, before sending the encrypted certificate application request to the RA, the terminal also signs it with its own signing private key and sends the signed encrypted certificate application request to the RA.
The RA 102 is configured to verify the encrypted certificate application request and then forward it to the PCA 103.
In practice, on receiving the signed encrypted certificate application request, the RA first verifies the correctness of its signature. If verification passes, the RA determines the terminal corresponding to the encrypted certificate application request; the RA then signs the encrypted certificate application request with its own private key and forwards it to the PCA. If verification fails, the RA can record the encrypted certificate application request that failed verification and return failure information to the terminal.
To further ensure information security and prevent the PCA side from learning the exact source of an encrypted certificate application request forwarded by the RA, in the embodiments of the present application the RA, after receiving a predetermined number of encrypted certificate application requests, performs obfuscation processing on that predetermined number of requests and then sends the obfuscated encrypted certificate application requests to the PCA.
In an optional embodiment, a random shuffle function can be used for the obfuscation processing. For example, suppose the RA has received the predetermined number of 100 encrypted certificate application requests; a random shuffle function can then be used to shuffle the 100 requests randomly, yielding the obfuscated encrypted certificate application requests. Note that, to make the corresponding de-obfuscation possible later, in the embodiments of the present application the RA needs to record, before the obfuscation processing, the correspondence between encrypted certificate application requests and terminals.
Specifically, in one embodiment, after verifying the signature of an encrypted certificate application request the RA can determine the terminal corresponding to that request and record the correspondence between the request and the terminal. In another embodiment, the RA receives the terminal's access certificate together with the encrypted certificate application request; after verifying the access certificate, the RA can determine the terminal corresponding to the access certificate. That terminal is the one that sent the encrypted certificate application request, so the RA can record the correspondence between the encrypted certificate application request and the terminal.
PCA 103 is configured to decrypt the encrypted certificate application request to obtain the encrypted public key, to use the encrypted public key to encrypt the anonymous credential generated for the terminal, and then to send the anonymous credential to RA 102, which forwards the anonymous credential to terminal 101.
In the embodiment of the present application, after receiving the encrypted certificate application request, the PCA decrypts it with its own private key and obtains the information carried in the request, which generally includes the encrypted public key, the type of certificate applied for, the validity period, and so on. The PCA generates an anonymous credential for the terminal based on the above-mentioned information carried in the encrypted certificate application request. The anonymous credential is trusted and is used to conceal the terminal's information.
In practice, to guarantee the information security of the anonymous credential, it needs to be encrypted while it is being issued to the corresponding terminal. In general, after obtaining the encrypted public key from the encrypted certificate application request, the PCA encrypts the anonymous credential with that encrypted public key, so that the corresponding terminal can decrypt it and finally obtain the anonymous credential.
Because the embodiment of the present application transmits the encrypted public key as ciphertext, the information security of the encrypted public key is ensured during transmission. Therefore, when the PCA encrypts the generated anonymous credential with the encrypted public key, the security of the anonymous credential can be ensured, which ultimately ensures the information security of the terminal that communicates based on the anonymous credential.
In practice, the PCA sends the anonymous credential encrypted with the encrypted public key to the RA, and the RA forwards it to the corresponding terminal. This prevents the PCA side from learning which terminal an anonymous credential corresponds to, and thus avoids leaking on the PCA side the terminal information corresponding to the anonymous credential, guaranteeing the information security of the terminal.
In an optional embodiment, if the RA has performed obfuscation processing on the received encrypted certificate application requests, then correspondingly the RA needs to perform de-obfuscation processing when it receives the anonymous credentials from the PCA. Specifically, when the RA receives any anonymous credential, it first determines the encrypted certificate application request to which the anonymous credential corresponds, then determines the terminal to which the anonymous credential corresponds according to the pre-recorded correspondence between encrypted certificate application requests and terminals, and finally forwards the anonymous credential to the corresponding terminal, completing the certificate application.
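The RA-side obfuscation and de-obfuscation described above can be sketched as follows; this is an added example, not code from the patent. It assumes the RA has already verified each request's signature, and it assumes a SHA-256 digest of the encrypted request as the handle that the PCA returns with each credential (the text does not say how the RA matches a credential to its request). The names `MixingRA`, `request_id`, `pca_stub` and `run_demo` are hypothetical.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


def request_id(encrypted_request: bytes) -> str:
    # Assumption: the digest of the forwarded ciphertext is the correlation
    # handle. It reveals nothing about the sending terminal.
    return hashlib.sha256(encrypted_request).hexdigest()


@dataclass
class MixingRA:
    batch_size: int  # the "predetermined number" of requests
    pending: list = field(default_factory=list, init=False)
    owner: dict = field(default_factory=dict, init=False)  # request id -> terminal

    def accept(self, terminal_id: str, encrypted_request: bytes):
        """Record request -> terminal, hold the request, and release a
        shuffled batch only once batch_size requests have been collected."""
        rid = request_id(encrypted_request)
        if rid in self.owner:
            # A repeated ciphertext would make the mapping ambiguous.
            raise ValueError("duplicate encrypted request")
        self.owner[rid] = terminal_id
        self.pending.append(encrypted_request)
        if len(self.pending) < self.batch_size:
            return None  # keep waiting; nothing reaches the PCA yet
        batch, self.pending = self.pending, []
        # OS-backed randomness, so arrival order cannot be reconstructed.
        secrets.SystemRandom().shuffle(batch)
        return batch  # ciphertexts only, no terminal identifiers

    def route(self, rid: str, encrypted_credential: bytes):
        """De-obfuscation: map a credential back to its terminal and consume
        the mapping so it cannot be used twice."""
        terminal_id = self.owner.pop(rid, None)
        if terminal_id is None:
            raise KeyError(f"no pending request for {rid[:8]}")
        return terminal_id, encrypted_credential


def pca_stub(batch):
    # Constructed stand-in for the PCA: it sees only ciphertexts and answers
    # each one with a placeholder "credential" plus the request id.
    return [(request_id(req), b"credential-for:" + req) for req in batch]


def run_demo(n: int = 5):
    ra = MixingRA(batch_size=n)
    # Constructed sample input: n terminals, one opaque ciphertext each.
    sent = {f"terminal-{i}": f"constructed-ciphertext-{i}".encode() for i in range(n)}
    batch = None
    for terminal_id, request in sent.items():
        batch = ra.accept(terminal_id, request)
    delivered = {}
    for rid, credential in pca_stub(batch):
        terminal_id, credential = ra.route(rid, credential)
        delivered[terminal_id] = credential
    return sent, delivered


if __name__ == "__main__":
    sent, delivered = run_demo()
    for terminal_id, request in sent.items():
        print(terminal_id, delivered[terminal_id] == b"credential-for:" + request)
```

The mapping lives only inside the RA, so the privacy of the scheme depends on the RA and the PCA not pooling their records.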
To further improve the information security of the anonymous credential, the certificate request system provided by the embodiments of the present application further includes a time management system. Referring to Fig. 2, on the basis of Fig. 1 the system can further include time management system 201, where time management system 201 can be integrated on the CA side where the PCA and the RA are located or can exist separately; the present application does not restrict its specific form.
Specifically, PCA 103 is further configured to send a timeliness application request for the anonymous credential to time management system 201 after generating the anonymous credential for the terminal.
The timeliness application request can carry the validity period parameter included in the terminal's encrypted certificate application request, and the time management system generates a timeliness authorization response for the terminal according to this parameter.
Time management system 201 is configured to, after receiving the timeliness application request for the anonymous credential sent by the PCA, return to the PCA a timeliness authorization response carrying its own public key.
PCA 103 is further configured to encrypt the anonymous credential with the public key of time management system 201 and then send the anonymous credential to the terminal.
Time management system 201 is further configured to send a private key to the terminal when the start time point of the timeliness period is reached, so that the terminal can decrypt the anonymous credential using the private key.
In the embodiment of the present application, the PCA not only applies a first layer of encryption to the anonymous credential using the terminal's encrypted public key, but also applies a second layer of encryption to the anonymous credential using the public key of the time management system, finally obtaining a doubly encrypted anonymous credential.
Only when the start time point of the timeliness period corresponding to the anonymous credential is reached does the time management system send its own private key to the corresponding terminal. The terminal can then use that private key to perform the first layer of decryption on the anonymous credential, and only after that can it use its own encrypted public key to perform the second layer of decryption, finally obtaining the anonymous credential, which can be used for subsequent secure communication of the terminal.
Because the time management system sends the private key to the terminal only when the start time point of the timeliness period arrives, it controls the time at which the terminal actually obtains the anonymous credential, avoiding the information security risk brought about by the terminal obtaining the anonymous credential too early.
Corresponding to the above certificate request system, the embodiments of the present application also provide a certificate request method. Referring to Fig. 3, which is a flow chart of a certificate request method provided by the embodiments of the present application, the method includes:
S301: The terminal uses the public key of the anonymous credential issuing system PCA to encrypt the certificate application request carrying the encrypted public key, obtaining an encrypted certificate application request.
S302: The terminal sends the encrypted certificate application request to the access verification system RA, and the request is sent to the PCA via the RA.
S303: The PCA decrypts the encrypted certificate application request to obtain the encrypted public key, uses the encrypted public key to encrypt the anonymous credential generated for the terminal, and then sends the anonymous credential to the RA.
S304: The terminal receives the anonymous credential sent via the RA.
In the embodiment of the present application, the PCA authorizes a device by issuing a certificate containing authorization information to the legitimate device, so that the device can communicate securely based on the authorized certificate. Specifically, the certificate application request is initiated by the terminal and forwarded to the PCA after verification by the RA; the PCA issues the corresponding certificate for the device, and the certificate is finally sent to the terminal, completing the certificate application. In the certificate request method provided by the embodiments of the present application, before sending the certificate application request to the PCA, the terminal first encrypts the certificate application request carrying the encrypted public key with the PCA's public key. This guarantees that the terminal's encrypted public key is not leaked during the certificate application process or on the certificate authority side, which in turn guarantees the information security of the certificate encrypted with that encrypted public key and, ultimately, the information security of the terminal that communicates using the certificate.
In addition, in the certificate request method provided by the embodiments of the present application, the PCA not only applies a first layer of encryption to the anonymous credential using the terminal's encrypted public key, but can also apply a second layer of encryption to the anonymous credential using the public key of the time management system, finally obtaining a doubly encrypted anonymous credential. By sending the private key to the terminal only when the start time point of the timeliness period arrives, the time management system controls the time at which the terminal actually obtains the anonymous credential, avoiding the information security risk brought about by the terminal obtaining the anonymous credential too early.
For an understanding of the method embodiment, refer to the description in the above system embodiment; details are not repeated here.
With continuous social and economic development, the transportation field faces a variety of challenges, such as safety, travel and the environment. Intelligent connected-vehicle V2X technology provides effective solutions to the various problems faced in smart transportation. LTE-V2X (Vehicle-To-Everything) is the communication system between vehicle and vehicle (V2V), vehicle and pedestrian (V2P), vehicle and infrastructure (V2I), vehicle and network (V2N), and so on; it is used to improve road safety and traffic efficiency and to make transportation smarter. According to statistics, the application of V2X technology can effectively avoid about 81% of traffic accidents and improve road traffic efficiency by more than 30%. With the determination and introduction of national policies and standards, China's intelligent connected vehicles are expected to be industrialized step by step, and the market scale in 2020 is expected to reach 100,000,000,000 yuan.
As on-board terminal equipment becomes standard in many automobiles, real-time communication between vehicles and cloud servers and other mobile devices becomes possible. Vehicle information, including a variety of data such as vehicle running state and geographical location, can be uploaded to the cloud or to other mobile devices through connected-vehicle technology, and much of this data is important information involving public privacy and national security. Meanwhile, some on-board terminals can also receive instructions issued by the cloud, which makes remote control of vehicle behavior possible. In this situation, if the transmitted data is maliciously obtained or used, or the vehicle receives and executes an illegal instruction, it is very likely to cause an event that endangers personal safety, or even rise to a problem of social safety and national security. It can be seen that information security is one of the urgent problems that must be considered and solved in the development of intelligent connected vehicles in China; challenges and opportunities coexist.
To this end, the present application provides a certificate request method that can be applied to the field of LTE-V2X car networking information security. Specifically, while a car networking terminal applies to the PCA for a certificate, the certificate application request carrying the encrypted public key is transmitted in encrypted form, which ensures that the encrypted public key is not leaked, thereby guaranteeing the information security of the certificate encrypted with the encrypted public key and, ultimately, the information security of the car networking terminal that communicates based on the certificate.
Fig. 4 is an information interaction diagram of a certificate request method applied to the car networking field, provided by the embodiments of the present application, in which the car networking terminal is also called a V2X device. The method includes:
S401: The security chip in the V2X device encrypts the pre-generated encrypted public key with the public key of the PCA, obtaining a public key ciphertext.
S402: The security terminal in the V2X device generates a certificate application request carrying the public key ciphertext, and encrypts the certificate application request with the public key of the PCA, obtaining an encrypted certificate application request.
The certificate application request can also include the type of certificate applied for, the validity period, the signature public key value, the signature value, and so on.
S403: After signing the encrypted certificate application request, the V2X device sends it to the RA.
S404: The RA verifies the correctness of the signature of the encrypted certificate application request and, after verification passes, performs obfuscation processing on the predetermined number of encrypted certificate application requests, obtaining obfuscated encrypted certificate application requests.
It is worth noting that, after the signature verification passes, the RA determines the V2X device to which the encrypted certificate application request corresponds and records the correspondence between the encrypted certificate application request and that V2X device. In addition, when the V2X device sends the encrypted certificate application request to the RA, it also sends its own access certificate to the RA; the RA verifies the access certificate to determine that the V2X device has permission to apply for an anonymous credential. Furthermore, because the access certificate carries the identifier of the V2X device, the RA can also determine from the access certificate the V2X device to which the encrypted certificate application request corresponds, and record the correspondence between the encrypted certificate application request and the V2X device.
It is worth noting that the correspondence between encrypted certificate application requests and V2X devices recorded by the RA can be used for the subsequent de-obfuscation processing of the anonymous credentials.
S405: After signing the obfuscated encrypted certificate application requests, the RA sends them to the PCA.
S406: The PCA verifies the correctness of the signature of the obfuscated encrypted certificate application requests and, after verification passes, decrypts the obfuscated encrypted certificate application requests with its own private key, obtaining the encrypted public key in each obfuscated encrypted certificate application request.
S407: The PCA generates an anonymous credential according to the information in the encrypted certificate application request, and encrypts the anonymous credential with the corresponding encrypted public key.
S408: The PCA sends a timeliness application request for each anonymous credential to the time management system, where the timeliness application request carries the validity period parameter from the certificate application request.
S409: The time management system returns to the PCA a timeliness authorization response carrying its own public key.
S410: The PCA applies the second layer of encryption to the anonymous credential with the public key of the time management system, signs the anonymous credential, and sends it to the RA.
S411: The RA verifies the correctness of the signature of the anonymous credential and, after verification passes, performs de-obfuscation processing on the anonymous credential. After signing the de-obfuscated anonymous credential, the RA sends it to the corresponding V2X device according to the correspondence, recorded before obfuscation, between encrypted certificate application requests and V2X devices.
S412: The V2X device verifies the correctness of the signature of the anonymous credential.
S413: When the validity period is reached, the time management system issues a certificate carrying a private key to the V2X device, so that the V2X device can decrypt the anonymous credential using the private key in that certificate.
In practice, when the validity period is reached, the time management system issues a certificate to the V2X device. The certificate contains the private key for the first layer of decryption of the anonymous credential, and the issued certificate also contains a public key for signature verification, among other things. After receiving the certificate issued by the time management system, the V2X device first verifies the anonymous credential using the signature-verification public key carried in the certificate, to determine that the anonymous credential was issued by the time management system, and then uses the private key carried in the certificate to perform the first layer of decryption on the anonymous credential.
Because the time management system issues the certificate carrying the private key to the V2X device only when the validity period is reached, the V2X device can decrypt the anonymous credential with the private key from the time management system only when the validity period is reached. It can be understood that, before the validity period is reached, the anonymous credential on the V2X device side is in ciphertext form, so the information security of the anonymous credential can be guaranteed during this period.
S414: The V2X device uses the private key of the time management system to perform the first layer of decryption on the anonymous credential, and then uses its own encrypted public key to perform the second layer of decryption on the anonymous credential, obtaining the anonymous credential.
After obtaining the decrypted anonymous credential, the V2X device can communicate securely based on the anonymous credential, guaranteeing communication security.
It is worth noting that the methods of signing and of verifying the correctness of a signature in the embodiments of the present application are commonly used methods in this field and are not described further here.
The certificate request method provided by the embodiments of the present application can ensure that the encrypted public key is not leaked, and thus guarantees the information security of the anonymous credential encrypted with the encrypted public key. During V2X device communication, an illegitimate user cannot determine, by decrypting anonymous credentials, which information belongs to the same V2X device, and cannot obtain the complete path information of the same vehicle, and so on, which avoids information security problems in car networking.
Corresponding to the above embodiments, the embodiments of the present application also provide a certificate request device. Referring to Fig. 5, which is a structural schematic diagram of a certificate request device provided by the embodiments of the present application, the device is applied to a terminal, and device 500 includes:
a first encrypting module 501, configured to encrypt the certificate application request carrying the encrypted public key using the public key of the anonymous credential issuing system PCA, obtaining an encrypted certificate application request, wherein the encrypted public key is generated by the terminal;
a first sending module 502, configured to send the encrypted certificate application request to the access verification system RA, the request being sent to the PCA via the RA, so that the PCA decrypts the encrypted certificate application request to obtain the encrypted public key, uses the encrypted public key to encrypt the anonymous credential generated for the terminal, and then sends the anonymous credential to the RA;
a first receiving module 503, configured to receive the anonymous credential sent via the RA.
In addition, referring to Fig. 6, the embodiments of the present application also provide a structural schematic diagram of a certificate request device. The device is applied to the anonymous credential issuing system PCA, and device 600 includes:
a second receiving module 601, configured to receive the encrypted certificate application request from the terminal forwarded via the access verification system RA, wherein the encrypted certificate application request carries the encrypted public key of the terminal and is obtained by encryption with the public key of the PCA;
a deciphering module 602, configured to decrypt the encrypted certificate application request and obtain the encrypted public key;
a second encrypting module 603, configured to use the encrypted public key to encrypt the anonymous credential generated for the terminal and then send the anonymous credential to the RA, so that the RA forwards the anonymous credential to the terminal.
In addition, referring to Fig. 7, the embodiments of the present application also provide a structural schematic diagram of a certificate request device. The device is applied to the access verification system RA, and device 700 includes:
an obfuscation module 701, configured to, after receiving a predetermined number of encrypted certificate application requests, perform obfuscation processing on the predetermined number of encrypted certificate application requests, and send the obfuscated encrypted certificate application requests to the anonymous credential issuing system PCA;
a de-obfuscation module 702, configured to, after receiving the anonymous credentials from the PCA, perform de-obfuscation processing on the anonymous credentials, and send the de-obfuscated anonymous credentials to the corresponding terminals respectively.
In addition, referring to Fig. 8, the embodiments of the present application also provide a structural schematic diagram of a certificate request device. The device is applied to the time management system, and device 800 includes:
a third receiving module 801, configured to, after receiving the timeliness application request for an anonymous credential from the anonymous credential issuing system PCA, return to the PCA a timeliness authorization response carrying its own public key, so that the PCA encrypts the anonymous credential with the public key of the time management system and then sends the anonymous credential to the terminal;
a second sending module 802, configured to send a private key to the terminal when the start time point of the timeliness period is reached, so that the terminal decrypts the anonymous credential using the private key.
In the certificate request device provided by the embodiments of the present application, before the certificate application request is sent to the PCA, the certificate application request carrying the encrypted public key is first encrypted with the public key of the PCA. This guarantees that the terminal's encrypted public key is not leaked during the certificate application process or on the certificate authority side, which in turn guarantees the information security of the certificate encrypted with that encrypted public key and, ultimately, the information security of the terminal that communicates using the certificate.
In addition, the embodiments of the present application also provide certificate request equipment which, as shown in Fig. 9, may include:
processor 901, memory 902, input unit 903 and output device 904. The number of processors 901 in the certificate request equipment can be one or more; one processor is taken as an example in Fig. 9. In some embodiments of the invention, processor 901, memory 902, input unit 903 and output device 904 can be connected by a bus or in other ways; connection by a bus is taken as an example in Fig. 9.
Memory 902 can be used to store software programs and modules; processor 901 runs the software programs and modules stored in memory 902 to execute the various functional applications and data processing of the certificate request equipment. Memory 902 can mainly include a program storage area and a data storage area, where the program storage area can store the operating system, the application programs required by at least one function, and so on. In addition, memory 902 may include high-speed random access memory and can also include non-volatile memory, for example at least one disk memory device, a flash memory device, or other volatile solid-state memory devices. Input unit 903 can be used to receive input numeric or character information and to generate signal inputs related to the user settings and function control of the certificate request equipment.
Specifically, in the present embodiment, processor 901 loads the executable files corresponding to the processes of one or more application programs into memory 902 according to the following instructions, and processor 901 runs the application programs stored in memory 902, thereby realizing the various functions in the above certificate request method.
In addition, the present application also provides a computer-readable storage medium in which instructions are stored; when the instructions are run on a terminal device, they cause the terminal device to execute the above certificate request method.
It can be understood that, because the device embodiments basically correspond to the method embodiments, the relevant parts can be understood by referring to the description of the method embodiments. The device embodiments described above are merely illustrative: the units described as separate members may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they can be located in one place or distributed over multiple network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment. A person of ordinary skill in the art can understand and implement this without creative effort.
It should be noted that, in this document, relational terms such as "first" and "second" are used merely to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or equipment that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to such a process, method, article or equipment. In the absence of further restrictions, an element qualified by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or equipment that includes the element.
The certificate request method, device and equipment provided by the embodiments of the present application have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present application, and the description of the above embodiments is only intended to help in understanding the method of the present application and its core idea. At the same time, for those skilled in the art, there will be changes in the specific implementation and scope of application according to the idea of the present application. In conclusion, the content of this specification should not be construed as a limitation of the present application.
Claims (10)
1. A certificate request method, characterized in that the method is applied to a terminal, the method comprising:
encrypting a certificate application request carrying an encrypted public key using the public key of an anonymous credential issuing system PCA, to obtain an encrypted certificate application request, wherein the encrypted public key is generated by the terminal;
sending the encrypted certificate application request to an access verification system RA, the request being sent to the PCA via the RA, so that the PCA decrypts the encrypted certificate application request to obtain the encrypted public key, uses the encrypted public key to encrypt the anonymous credential generated for the terminal, and then sends the anonymous credential to the RA;
receiving the anonymous credential sent via the RA.
2. A certificate request method, characterized in that the method is applied to an anonymous credential issuing system PCA, the method comprising:
the PCA receiving an encrypted certificate application request from a terminal forwarded via an access verification system RA, wherein the encrypted certificate application request carries the encrypted public key generated by the terminal and is obtained by encryption with the public key of the PCA;
the PCA decrypting the encrypted certificate application request to obtain the encrypted public key, using the encrypted public key to encrypt the anonymous credential generated for the terminal, and then sending the anonymous credential to the RA, so that the RA forwards the anonymous credential to the terminal.
3. A certificate request method, characterized in that the method is applied to an access verification system RA, the method comprising:
the RA, after receiving a predetermined number of encrypted certificate application requests, performing obfuscation processing on the predetermined number of encrypted certificate application requests, and sending the obfuscated encrypted certificate application requests to an anonymous credential issuing system PCA;
the RA, after receiving the anonymous credentials from the PCA, performing de-obfuscation processing on the anonymous credentials, and sending the de-obfuscated anonymous credentials to the corresponding terminals respectively.
4. A certificate request method, characterized in that the method is applied to a time management system, the method comprising:
the time management system, after receiving a timeliness application request for an anonymous credential from an anonymous credential issuing system PCA, returning to the PCA a timeliness authorization response carrying its own public key, so that the PCA encrypts the anonymous credential with the public key of the time management system and then sends the anonymous credential to a terminal;
the time management system sending a private key to the terminal when the start time point of the timeliness period is reached, so that the terminal decrypts the anonymous credential using the private key.
5. A certificate request system, characterized in that the system comprises a terminal, an access verification system RA and an anonymous credential issuing system PCA;
the terminal is configured to encrypt a certificate application request carrying an encrypted public key using the public key of the PCA, to obtain an encrypted certificate application request, and to send the encrypted certificate application request to the RA, wherein the encrypted public key is generated by the terminal;
the RA is configured to verify the encrypted certificate application request and then forward the encrypted certificate application request to the PCA;
the PCA is configured to decrypt the encrypted certificate application request to obtain the encrypted public key, to use the encrypted public key to encrypt the anonymous credential generated for the terminal, and then to send the anonymous credential to the RA, the RA forwarding the anonymous credential to the terminal.
6. A certificate request device, characterized in that the device is applied to a terminal, and the device comprises:
A first encryption module, configured to encrypt, using the public key of the anonymous credential issuing system PCA, a certificate application request carrying an encryption public key, to obtain an encrypted certificate application request; wherein the encryption public key is generated by the terminal;
A first sending module, configured to send the encrypted certificate application request to the access verification system RA, which sends it on to the PCA, so that the PCA decrypts the encrypted certificate application request to obtain the encryption public key, encrypts the anonymous credential generated for the terminal using the encryption public key, and then sends the anonymous credential to the RA;
A first receiving module, configured to receive the anonymous credential sent via the RA.
7. A certificate request device, characterized in that the device is applied to the anonymous credential issuing system PCA, and the device comprises:
A second receiving module, configured to receive an encrypted certificate application request from a terminal, forwarded via the access verification system RA; wherein the encrypted certificate application request carries the encryption public key generated by the terminal and is obtained by encryption with the public key of the PCA;
A decryption module, configured to decrypt the encrypted certificate application request to obtain the encryption public key;
A second encryption module, configured to encrypt the anonymous credential generated for the terminal using the encryption public key and then send the anonymous credential to the RA, so that the RA forwards the anonymous credential to the terminal.
8. A certificate request device, characterized in that the device is applied to the access verification system RA, and the device comprises:
An obfuscation module, configured to, after a predetermined number of encrypted certificate application requests have been received, perform obfuscation processing on the predetermined number of encrypted certificate application requests and send the obfuscated encrypted certificate application requests to the anonymous credential issuing system PCA;
A de-obfuscation module, configured to, after the anonymous credentials are received from the PCA, perform de-obfuscation processing on the anonymous credentials and send the de-obfuscated anonymous credentials to the corresponding terminals respectively.
9. A computer-readable storage medium, characterized in that instructions are stored in the computer-readable storage medium, and when the instructions are run on a terminal device, they cause the terminal device to execute the method according to any one of claims 1-4.
10. A certificate request equipment, characterized by comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the computer program, implements the method according to any one of claims 1-4.
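An added example of the RA behaviour in claims 3 and 8 (not code from the patent). The claims do not say how obfuscation is performed, so this example assumes it means shuffling a full batch and relabelling each request with a random single-use handle; `BatchMixer`, its methods and the sample byte strings are hypothetical.

```python
import secrets


class BatchMixer:
    """RA-side mixer: hold encrypted requests until batch_size have arrived,
    then forward them shuffled, under random single-use handles."""

    def __init__(self, batch_size):
        if batch_size < 2:
            raise ValueError("a batch of one request hides nothing")
        self.batch_size = batch_size
        self._pending = []   # (terminal_id, encrypted_request), RA-private
        self._routes = {}    # handle -> terminal_id, RA-private

    def submit(self, terminal_id, encrypted_request):
        """Queue a request; return the batch for the PCA once full, else None."""
        self._pending.append((terminal_id, encrypted_request))
        if len(self._pending) < self.batch_size:
            return None
        batch, self._pending = self._pending, []
        secrets.SystemRandom().shuffle(batch)  # break arrival-order linkage
        outbound = []
        for tid, blob in batch:
            handle = secrets.token_hex(8)      # carries no terminal identity
            self._routes[handle] = tid
            outbound.append((handle, blob))
        return outbound

    def deobfuscate(self, pca_responses):
        """Route (handle, encrypted_certificate) pairs back to their terminals."""
        deliveries = []
        for handle, cert in pca_responses:
            tid = self._routes.pop(handle, None)  # pop: a handle works once
            if tid is None:
                raise KeyError(f"unknown or replayed handle: {handle}")
            deliveries.append((tid, cert))
        return deliveries


def demo():
    """Constructed run: three terminals, opaque byte strings as ciphertexts."""
    ra = BatchMixer(batch_size=3)
    first = ra.submit("terminal-A", b"enc-req-A")
    second = ra.submit("terminal-B", b"enc-req-B")
    batch = ra.submit("terminal-C", b"enc-req-C")
    # Stand-in PCA: answers each handle without ever seeing a terminal id.
    responses = [(h, b"enc-cert-for:" + blob) for h, blob in batch]
    return first, second, batch, sorted(ra.deobfuscate(responses))
```

Because the requests are encrypted under the PCA's public key and the responses under each terminal's encryption public key, the RA routes ciphertexts it cannot read, while the PCA sees contents without learning which terminal sent them.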
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910575537.3A CN110365486B (en) | 2019-06-28 | 2019-06-28 | Certificate application method, device and equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110365486A (en) | 2019-10-22 |
CN110365486B (en) | 2022-08-16 |
Family
ID=68215936
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910575537.3A Active CN110365486B (en) | 2019-06-28 | 2019-06-28 | Certificate application method, device and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110365486B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN110365486B (en) | 2022-08-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||